Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
361a1191
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
接近 2 年 前同步成功
通知
12
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
361a1191
编写于
12月 05, 2015
作者:
K
Kurt Roeckx
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Remove support for all 40 and 56 bit ciphers.
Reviewed-by:
N
Rich Salz
<
rsalz@openssl.org
>
MR: #364
上级
fe6ef247
变更
24
展开全部
隐藏空白更改
内联
并排
Showing
24 changed file
with
293 addition
and
1419 deletion
+293
-1419
CHANGES
CHANGES
+5
-0
apps/s_server.c
apps/s_server.c
+2
-45
demos/easy_tls/easy-tls.c
demos/easy_tls/easy-tls.c
+0
-15
demos/easy_tls/easy-tls.h
demos/easy_tls/easy-tls.h
+0
-1
doc/apps/ciphers.pod
doc/apps/ciphers.pod
+0
-32
doc/apps/s_server.pod
doc/apps/s_server.pod
+0
-6
doc/ssl/SSL_CTX_set_cipher_list.pod
doc/ssl/SSL_CTX_set_cipher_list.pod
+0
-5
doc/ssl/SSL_CTX_set_options.pod
doc/ssl/SSL_CTX_set_options.pod
+0
-1
doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
+0
-159
doc/ssl/ssl.pod
doc/ssl/ssl.pod
+0
-20
include/openssl/ssl.h
include/openssl/ssl.h
+0
-31
include/openssl/tls1.h
include/openssl/tls1.h
+0
-6
ssl/s3_enc.c
ssl/s3_enc.c
+3
-33
ssl/s3_lib.c
ssl/s3_lib.c
+223
-477
ssl/ssl_cert.c
ssl/ssl_cert.c
+0
-11
ssl/ssl_ciph.c
ssl/ssl_ciph.c
+16
-61
ssl/ssl_err.c
ssl/ssl_err.c
+0
-10
ssl/ssl_lib.c
ssl/ssl_lib.c
+7
-108
ssl/ssl_locl.h
ssl/ssl_locl.h
+9
-72
ssl/statem/statem_clnt.c
ssl/statem/statem_clnt.c
+14
-163
ssl/statem/statem_srvr.c
ssl/statem/statem_srvr.c
+10
-77
ssl/t1_enc.c
ssl/t1_enc.c
+2
-40
test/ssltest.c
test/ssltest.c
+0
-44
util/ssleay.num
util/ssleay.num
+2
-2
未找到文件。
CHANGES
浏览文件 @
361a1191
...
...
@@ -4,6 +4,11 @@
Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
*) Remove support for all 40 and 56 bit ciphers. This includes all the export
ciphers who are no longer supported and drops support the ephemeral RSA key
exchange. The LOW ciphers currently doesn't have any ciphers in it.
[Kurt Roeckx]
*) Added ASYNC support. Libcrypto now includes the async sub-library to enable
cryptographic operations to be performed asynchronously as long as an
asynchronous capable engine is used. See the ASYNC_start_job() man page for
...
...
apps/s_server.c
浏览文件 @
361a1191
...
...
@@ -190,9 +190,6 @@ typedef unsigned int u_int;
# undef FIONBIO
#endif
#ifndef OPENSSL_NO_RSA
static
RSA
*
tmp_rsa_cb
(
SSL
*
s
,
int
is_export
,
int
keylength
);
#endif
static
int
not_resumable_sess_cb
(
SSL
*
s
,
int
is_forward_secure
);
static
int
sv_body
(
char
*
hostname
,
int
s
,
int
stype
,
unsigned
char
*
context
);
static
int
www_body
(
char
*
hostname
,
int
s
,
int
stype
,
unsigned
char
*
context
);
...
...
@@ -807,7 +804,7 @@ typedef enum OPTION_choice {
OPT_DEBUG
,
OPT_TLSEXTDEBUG
,
OPT_STATUS
,
OPT_STATUS_VERBOSE
,
OPT_STATUS_TIMEOUT
,
OPT_STATUS_URL
,
OPT_MSG
,
OPT_MSGFILE
,
OPT_TRACE
,
OPT_SECURITY_DEBUG
,
OPT_SECURITY_DEBUG_VERBOSE
,
OPT_STATE
,
OPT_CRLF
,
OPT_QUIET
,
OPT_BRIEF
,
OPT_NO_
TMP_RSA
,
OPT_NO_
DHE
,
OPT_NO_ECDHE
,
OPT_QUIET
,
OPT_BRIEF
,
OPT_NO_DHE
,
OPT_NO_ECDHE
,
OPT_NO_RESUME_EPHEMERAL
,
OPT_PSK_HINT
,
OPT_PSK
,
OPT_SRPVFILE
,
OPT_SRPUSERSEED
,
OPT_REV
,
OPT_WWW
,
OPT_UPPER_WWW
,
OPT_HTTP
,
OPT_ASYNC
,
OPT_SSL3
,
...
...
@@ -866,7 +863,6 @@ OPTIONS s_server_options[] = {
"Do not load certificates from the default certificates directory"
},
{
"nocert"
,
OPT_NOCERT
,
'-'
,
"Don't use any certificates (Anon-DH)"
},
{
"quiet"
,
OPT_QUIET
,
'-'
,
"No server output"
},
{
"no_tmp_rsa"
,
OPT_NO_TMP_RSA
,
'-'
,
"Do not generate a tmp RSA key"
},
{
"tls1_2"
,
OPT_TLS1_2
,
'-'
,
"just talk TLSv1.2"
},
{
"tls1_1"
,
OPT_TLS1_1
,
'-'
,
"Just talk TLSv1.1"
},
{
"tls1"
,
OPT_TLS1
,
'-'
,
"Just talk TLSv1"
},
...
...
@@ -1004,7 +1000,7 @@ int s_server_main(int argc, char *argv[])
#ifndef OPENSSL_NO_DH
int
no_dhe
=
0
;
#endif
int
no_
tmp_rsa
=
0
,
no_
ecdhe
=
0
,
nocert
=
0
,
ret
=
1
;
int
no_ecdhe
=
0
,
nocert
=
0
,
ret
=
1
;
int
noCApath
=
0
,
noCAfile
=
0
;
int
s_cert_format
=
FORMAT_PEM
,
s_key_format
=
FORMAT_PEM
;
int
s_dcert_format
=
FORMAT_PEM
,
s_dkey_format
=
FORMAT_PEM
;
...
...
@@ -1295,9 +1291,6 @@ int s_server_main(int argc, char *argv[])
case
OPT_BRIEF
:
s_quiet
=
s_brief
=
verify_quiet
=
1
;
break
;
case
OPT_NO_TMP_RSA
:
no_tmp_rsa
=
1
;
break
;
case
OPT_NO_DHE
:
#ifndef OPENSSL_NO_DH
no_dhe
=
1
;
...
...
@@ -1824,13 +1817,6 @@ int s_server_main(int argc, char *argv[])
if
(
!
set_cert_key_stuff
(
ctx
,
s_dcert
,
s_dkey
,
s_dchain
,
build_chain
))
goto
end
;
}
#ifndef OPENSSL_NO_RSA
if
(
!
no_tmp_rsa
)
{
SSL_CTX_set_tmp_rsa_callback
(
ctx
,
tmp_rsa_cb
);
if
(
ctx2
)
SSL_CTX_set_tmp_rsa_callback
(
ctx2
,
tmp_rsa_cb
);
}
#endif
if
(
no_resume_ephemeral
)
{
SSL_CTX_set_not_resumable_session_callback
(
ctx
,
...
...
@@ -3135,35 +3121,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
return
(
ret
);
}
#ifndef OPENSSL_NO_RSA
static
RSA
*
tmp_rsa_cb
(
SSL
*
s
,
int
is_export
,
int
keylength
)
{
BIGNUM
*
bn
=
NULL
;
static
RSA
*
rsa_tmp
=
NULL
;
if
(
!
rsa_tmp
&&
((
bn
=
BN_new
())
==
NULL
))
BIO_printf
(
bio_err
,
"Allocation error in generating RSA key
\n
"
);
if
(
!
rsa_tmp
&&
bn
)
{
if
(
!
s_quiet
)
{
BIO_printf
(
bio_err
,
"Generating temp (%d bit) RSA key..."
,
keylength
);
(
void
)
BIO_flush
(
bio_err
);
}
if
(
!
BN_set_word
(
bn
,
RSA_F4
)
||
((
rsa_tmp
=
RSA_new
())
==
NULL
)
||
!
RSA_generate_key_ex
(
rsa_tmp
,
keylength
,
bn
,
NULL
))
{
RSA_free
(
rsa_tmp
);
rsa_tmp
=
NULL
;
}
if
(
!
s_quiet
)
{
BIO_printf
(
bio_err
,
"
\n
"
);
(
void
)
BIO_flush
(
bio_err
);
}
BN_free
(
bn
);
}
return
(
rsa_tmp
);
}
#endif
#define MAX_SESSION_ID_ATTEMPTS 10
static
int
generate_session_id
(
const
SSL
*
ssl
,
unsigned
char
*
id
,
unsigned
int
*
id_len
)
...
...
demos/easy_tls/easy-tls.c
浏览文件 @
361a1191
...
...
@@ -651,7 +651,6 @@ struct tls_create_ctx_args tls_create_ctx_defaultargs(void)
ret
.
ca_file
=
NULL
;
ret
.
verify_depth
=
-
1
;
ret
.
fail_unless_verified
=
0
;
ret
.
export_p
=
0
;
return
ret
;
}
...
...
@@ -781,20 +780,6 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
/* avoid small subgroup attacks: */
SSL_CTX_set_options
(
ret
,
SSL_OP_SINGLE_DH_USE
);
}
#ifndef NO_RSA
if
(
!
a
.
client_p
&&
a
.
export_p
)
{
RSA
*
tmpkey
;
tmpkey
=
RSA_generate_key
(
512
,
RSA_F4
,
0
,
NULL
);
if
(
tmpkey
==
NULL
)
goto
err
;
if
(
!
SSL_CTX_set_tmp_rsa
(
ret
,
tmpkey
))
{
RSA_free
(
tmpkey
);
goto
err
;
}
RSA_free
(
tmpkey
);
/* SSL_CTX_set_tmp_rsa uses a duplicate. */
}
#endif
return
ret
;
...
...
demos/easy_tls/easy-tls.h
浏览文件 @
361a1191
...
...
@@ -34,7 +34,6 @@ struct tls_create_ctx_args {
const
char
*
ca_file
;
int
verify_depth
;
int
fail_unless_verified
;
int
export_p
;
};
struct
tls_create_ctx_args
tls_create_ctx_defaultargs
(
void
);
/*
...
...
doc/apps/ciphers.pod
浏览文件 @
361a1191
...
...
@@ -168,18 +168,6 @@ encryption.
"low" encryption cipher suites, currently those using 64 or 56 bit encryption
algorithms but excluding export cipher suites.
=item B<EXP>, B<EXPORT>
export encryption algorithms. Including 40 and 56 bits algorithms.
=item B<EXPORT40>
40 bit export encryption algorithms
=item B<EXPORT56>
56 bit export encryption algorithms. This list is empty.
=item B<eNULL>, B<NULL>
the "NULL" ciphers that is those offering no encryption. Because these offer no
...
...
@@ -387,12 +375,9 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
SSL_RSA_WITH_NULL_MD5 NULL-MD5
SSL_RSA_WITH_NULL_SHA NULL-SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
SSL_RSA_WITH_RC4_128_MD5 RC4-MD5
SSL_RSA_WITH_RC4_128_SHA RC4-SHA
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
...
...
@@ -400,16 +385,12 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA
SSL_DH_RSA_WITH_DES_CBC_SHA DH-RSA-DES-CBC-SHA
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-DSS-DES-CBC-SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA DHE-DSS-CBC-SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-RSA-DES-CBC-SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA DHE-RSA-DES-CBC-SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
...
...
@@ -421,31 +402,22 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
TLS_RSA_WITH_NULL_MD5 NULL-MD5
TLS_RSA_WITH_NULL_SHA NULL-SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
TLS_RSA_WITH_RC4_128_MD5 RC4-MD5
TLS_RSA_WITH_RC4_128_SHA RC4-SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented.
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented.
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-DSS-DES-CBC-SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA DHE-DSS-CBC-SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-RSA-DES-CBC-SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA DHE-RSA-DES-CBC-SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
...
...
@@ -511,10 +483,6 @@ algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution.
Note: these ciphers can also be used in SSL v3.
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA
TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA
=head2 Elliptic curve cipher suites.
...
...
doc/apps/s_server.pod
浏览文件 @
361a1191
...
...
@@ -66,7 +66,6 @@ B<openssl> B<s_server>
[B<-cipher cipherlist>]
[B<-serverpref>]
[B<-quiet>]
[B<-no_tmp_rsa>]
[B<-ssl3>]
[B<-tls1>]
[B<-dtls>]
...
...
@@ -186,11 +185,6 @@ disabling the ephemeral DH cipher suites.
if this option is set then no ECDH parameters will be loaded effectively
disabling the ephemeral ECDH cipher suites.
=item B<-no_tmp_rsa>
certain export cipher suites sometimes use a temporary RSA key, this option
disables temporary RSA key generation.
=item B<-crl_check>, B<-crl_check_all>
Check the peer certificate has not been revoked by its CA.
...
...
doc/ssl/SSL_CTX_set_cipher_list.pod
浏览文件 @
361a1191
...
...
@@ -37,10 +37,6 @@ ADH ciphers don't need a certificate, but DH-parameters must have been set.
All other ciphers need a corresponding certificate and key.
A RSA cipher can only be chosen, when a RSA certificate is available.
RSA export ciphers with a keylength of 512 bits for the RSA key require
a temporary 512 bit RSA key, as typically the supplied key has a length
of 1024 bit (see
L<SSL_CTX_set_tmp_rsa_callback(3)>).
RSA ciphers using DHE need a certificate and key and additional DH-parameters
(see L<SSL_CTX_set_tmp_dh_callback(3)>).
...
...
@@ -63,7 +59,6 @@ could be selected and 0 on complete failure.
L<ssl(3)>, L<SSL_get_ciphers(3)>,
L<SSL_CTX_use_certificate(3)>,
L<SSL_CTX_set_tmp_rsa_callback(3)>,
L<SSL_CTX_set_tmp_dh_callback(3)>,
L<ciphers(1)>
...
...
doc/ssl/SSL_CTX_set_options.pod
浏览文件 @
361a1191
...
...
@@ -269,7 +269,6 @@ secure renegotiation and 0 if it does not.
L<ssl(3)>, L<SSL_new(3)>, L<SSL_clear(3)>,
L<SSL_CTX_set_tmp_dh_callback(3)>,
L<SSL_CTX_set_tmp_rsa_callback(3)>,
L<dhparam(1)>
=head1 HISTORY
...
...
doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
已删除
100644 → 0
浏览文件 @
fe6ef247
=pod
=head1 NAME
SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchange
=head1 SYNOPSIS
#include <openssl/ssl.h>
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);
long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx);
void SSL_set_tmp_rsa_callback(SSL_CTX *ctx,
RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)
long SSL_need_tmp_rsa(SSL *ssl)
RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength);
=head1 DESCRIPTION
SSL_CTX_set_tmp_rsa_callback() sets the callback function for B<ctx> to be
used when a temporary/ephemeral RSA key is required to B<tmp_rsa_callback>.
The callback is inherited by all SSL objects newly created from B<ctx>
with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be
B<rsa>. The key is inherited by all SSL objects newly created from B<ctx>
with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed
for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
with a keysize larger than 512 bits is installed.
SSL_set_tmp_rsa_callback() sets the callback only for B<ssl>.
SSL_set_tmp_rsa() sets the key only for B<ssl>.
SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed,
for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
with a keysize larger than 512 bits is installed.
These functions apply to SSL/TLS servers only.
=head1 NOTES
When using a cipher with RSA authentication, an ephemeral RSA key exchange
can take place. In this case the session data are negotiated using the
ephemeral/temporary RSA key and the RSA key supplied and certified
by the certificate chain is only used for signing.
Under previous export restrictions, ciphers with RSA keys shorter (512 bits)
than the usual key length of 1024 bits were created. To use these ciphers
with RSA keys of usual length, an ephemeral key exchange must be performed,
as the normal (certified) key cannot be directly used.
Using ephemeral RSA key exchange yields forward secrecy, as the connection
can only be decrypted, when the RSA key is known. By generating a temporary
RSA key inside the server application that is lost when the application
is left, it becomes impossible for an attacker to decrypt past sessions,
even if he gets hold of the normal (certified) RSA key, as this key was
used for signing only. The downside is that creating a RSA key is
computationally expensive.
Additionally, the use of ephemeral RSA key exchange is only allowed in
the TLS standard, when the RSA key can be used for signing only, that is
for export ciphers. Using ephemeral RSA key exchange for other purposes
violates the standard and can break interoperability with clients.
It is therefore strongly recommended to not use ephemeral RSA key
exchange and use DHE (Ephemeral Diffie-Hellman) key exchange instead
in order to achieve forward secrecy (see
L<SSL_CTX_set_tmp_dh_callback(3)>).
An application may either directly specify the key or can supply the key via a
callback function. The callback approach has the advantage, that the callback
may generate the key only in case it is actually needed. As the generation of a
RSA key is however costly, it will lead to a significant delay in the handshake
procedure. Another advantage of the callback function is that it can supply
keys of different size while the explicit setting of the key is only useful for
key size of 512 bits to satisfy the export restricted ciphers and does give
away key length if a longer key would be allowed.
The B<tmp_rsa_callback> is called with the B<keylength> needed and
the B<is_export> information. The B<is_export> flag is set, when the
ephemeral RSA key exchange is performed with an export cipher.
=head1 EXAMPLES
Generate temporary RSA keys to prepare ephemeral RSA key exchange. As the
generation of a RSA key costs a lot of computer time, they saved for later
reuse. For demonstration purposes, two keys for 512 bits and 1024 bits
respectively are generated.
...
/* Set up ephemeral RSA stuff */
RSA *rsa_512 = NULL;
RSA *rsa_1024 = NULL;
rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);
if (rsa_512 == NULL)
evaluate_error_queue();
rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);
if (rsa_1024 == NULL)
evaluate_error_queue();
...
RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)
{
RSA *rsa_tmp=NULL;
switch (keylength) {
case 512:
if (rsa_512)
rsa_tmp = rsa_512;
else { /* generate on the fly, should not happen in this example */
rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL);
rsa_512 = rsa_tmp; /* Remember for later reuse */
}
break;
case 1024:
if (rsa_1024)
rsa_tmp=rsa_1024;
else
should_not_happen_in_this_example();
break;
default:
/* Generating a key on the fly is very costly, so use what is there */
if (rsa_1024)
rsa_tmp=rsa_1024;
else
rsa_tmp=rsa_512; /* Use at least a shorter key */
}
return(rsa_tmp);
}
=head1 RETURN VALUES
SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return
diagnostic output.
SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0
on failure. Check the error queue to find out the reason of failure.
SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary
RSA key is needed and 0 otherwise.
=head1 SEE ALSO
L<ssl(3)>, L<SSL_CTX_set_cipher_list(3)>,
L<SSL_CTX_set_options(3)>,
L<SSL_CTX_set_tmp_dh_callback(3)>,
L<SSL_new(3)>, L<ciphers(1)>
=cut
doc/ssl/ssl.pod
浏览文件 @
361a1191
...
...
@@ -331,25 +331,6 @@ Use the file path to locate trusted CA certficates.
=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa);
=item SSL_CTX_set_tmp_rsa_callback
C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));>
Sets the callback which will be called when a temporary private key is
required. The B<C<export>> flag will be set if the reason for needing
a temp key is that an export ciphersuite is in use, in which case,
B<C<keylength>> will contain the required keylength in bits. Generate a key of
appropriate size (using ???) and return it.
=item SSL_set_tmp_rsa_callback
long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL
session instead of a context.
=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
...
...
@@ -713,7 +694,6 @@ L<SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_set_session_id_context(3)>,
L<SSL_CTX_set_ssl_version(3)>,
L<SSL_CTX_set_timeout(3)>,
L<SSL_CTX_set_tmp_rsa_callback(3)>,
L<SSL_CTX_set_tmp_dh_callback(3)>,
L<SSL_CTX_set_verify(3)>,
L<SSL_CTX_use_certificate(3)>,
...
...
include/openssl/ssl.h
浏览文件 @
361a1191
...
...
@@ -181,8 +181,6 @@ extern "C" {
/* These are used to specify which ciphers to use and not to use */
# define SSL_TXT_EXP40 "EXPORT40"
# define SSL_TXT_EXP56 "EXPORT56"
# define SSL_TXT_LOW "LOW"
# define SSL_TXT_MEDIUM "MEDIUM"
# define SSL_TXT_HIGH "HIGH"
...
...
@@ -268,9 +266,6 @@ extern "C" {
# define SSL_TXT_TLSV1_1 "TLSv1.1"
# define SSL_TXT_TLSV1_2 "TLSv1.2"
# define SSL_TXT_EXP "EXP"
# define SSL_TXT_EXPORT "EXPORT"
# define SSL_TXT_ALL "ALL"
/*-
...
...
@@ -1113,11 +1108,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_ERROR_WANT_CONNECT 7
# define SSL_ERROR_WANT_ACCEPT 8
# define SSL_ERROR_WANT_ASYNC 9
# define SSL_CTRL_NEED_TMP_RSA 1
# define SSL_CTRL_SET_TMP_RSA 2
# define SSL_CTRL_SET_TMP_DH 3
# define SSL_CTRL_SET_TMP_ECDH 4
# define SSL_CTRL_SET_TMP_RSA_CB 5
# define SSL_CTRL_SET_TMP_DH_CB 6
# define SSL_CTRL_GET_SESSION_REUSED 8
# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
...
...
@@ -1242,10 +1234,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
# define SSL_total_renegotiations(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
# define SSL_CTX_need_tmp_RSA(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
# define SSL_CTX_set_tmp_rsa(ctx,rsa) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
# define SSL_CTX_set_tmp_dh(ctx,dh) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
...
...
@@ -1254,10 +1242,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
# define SSL_set_dh_auto(s, onoff) \
SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
# define SSL_need_tmp_RSA(ssl) \
SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
# define SSL_set_tmp_rsa(ssl,rsa) \
SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
# define SSL_set_tmp_dh(ssl,dh) \
SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
# define SSL_set_tmp_ecdh(ssl,ecdh) \
...
...
@@ -1749,15 +1733,6 @@ __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void);
SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
/* NB: the keylength is only applicable when is_export is true */
# ifndef OPENSSL_NO_RSA
void
SSL_CTX_set_tmp_rsa_callback
(
SSL_CTX
*
ctx
,
RSA
*
(
*
cb
)
(
SSL
*
ssl
,
int
is_export
,
int
keylength
));
void
SSL_set_tmp_rsa_callback
(
SSL
*
ssl
,
RSA
*
(
*
cb
)
(
SSL
*
ssl
,
int
is_export
,
int
keylength
));
# endif
# ifndef OPENSSL_NO_DH
void
SSL_CTX_set_tmp_dh_callback
(
SSL_CTX
*
ctx
,
DH
*
(
*
dh
)
(
SSL
*
ssl
,
int
is_export
,
...
...
@@ -2259,7 +2234,6 @@ void ERR_load_SSL_strings(void);
# define SSL_R_EE_KEY_TOO_SMALL 399
# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
# define SSL_R_EXTRA_DATA_IN_MESSAGE 153
...
...
@@ -2294,16 +2268,12 @@ void ERR_load_SSL_strings(void);
# define SSL_R_MISSING_DSA_SIGNING_CERT 165
# define SSL_R_MISSING_ECDH_CERT 382
# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381
# define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
# define SSL_R_MISSING_RSA_CERTIFICATE 168
# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
# define SSL_R_MISSING_RSA_SIGNING_CERT 170
# define SSL_R_MISSING_SRP_PARAM 358
# define SSL_R_MISSING_TMP_DH_KEY 171
# define SSL_R_MISSING_TMP_ECDH_KEY 311
# define SSL_R_MISSING_TMP_RSA_KEY 172
# define SSL_R_MISSING_TMP_RSA_PKEY 173
# define SSL_R_MISSING_VERIFY_MESSAGE 174
# define SSL_R_MULTIPLE_SGC_RESTARTS 346
# define SSL_R_NO_CERTIFICATES_RETURNED 176
...
...
@@ -2395,7 +2365,6 @@ void ERR_load_SSL_strings(void);
# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
...
...
include/openssl/tls1.h
浏览文件 @
361a1191
...
...
@@ -658,12 +658,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
* using DHE everywhere, though we may indefinitely maintain aliases for
* users or configurations that used "EDH"
*/
# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
# define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA"
...
...
ssl/s3_enc.c
浏览文件 @
361a1191
...
...
@@ -197,18 +197,16 @@ int ssl3_change_cipher_state(SSL *s, int which)
unsigned
char
*
p
,
*
mac_secret
;
unsigned
char
exp_key
[
EVP_MAX_KEY_LENGTH
];
unsigned
char
exp_iv
[
EVP_MAX_IV_LENGTH
];
unsigned
char
*
ms
,
*
key
,
*
iv
,
*
er1
,
*
er2
;
unsigned
char
*
ms
,
*
key
,
*
iv
;
EVP_CIPHER_CTX
*
dd
;
const
EVP_CIPHER
*
c
;
#ifndef OPENSSL_NO_COMP
COMP_METHOD
*
comp
;
#endif
const
EVP_MD
*
m
;
EVP_MD_CTX
md
;
int
is_exp
,
n
,
i
,
j
,
k
,
cl
;
int
n
,
i
,
j
,
k
,
cl
;
int
reuse_dd
=
0
;
is_exp
=
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
);
c
=
s
->
s3
->
tmp
.
new_sym_enc
;
m
=
s
->
s3
->
tmp
.
new_hash
;
/* m == NULL will lead to a crash later */
...
...
@@ -295,9 +293,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
if
(
i
<
0
)
goto
err2
;
cl
=
EVP_CIPHER_key_length
(
c
);
j
=
is_exp
?
(
cl
<
SSL_C_EXPORT_KEYLENGTH
(
s
->
s3
->
tmp
.
new_cipher
)
?
cl
:
SSL_C_EXPORT_KEYLENGTH
(
s
->
s3
->
tmp
.
new_cipher
))
:
cl
;
/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
j
=
cl
;
k
=
EVP_CIPHER_iv_length
(
c
);
if
((
which
==
SSL3_CHANGE_CIPHER_CLIENT_WRITE
)
||
(
which
==
SSL3_CHANGE_CIPHER_SERVER_READ
))
{
...
...
@@ -307,8 +303,6 @@ int ssl3_change_cipher_state(SSL *s, int which)
n
+=
j
+
j
;
iv
=
&
(
p
[
n
]);
n
+=
k
+
k
;
er1
=
&
(
s
->
s3
->
client_random
[
0
]);
er2
=
&
(
s
->
s3
->
server_random
[
0
]);
}
else
{
n
=
i
;
ms
=
&
(
p
[
n
]);
...
...
@@ -317,8 +311,6 @@ int ssl3_change_cipher_state(SSL *s, int which)
n
+=
j
+
k
;
iv
=
&
(
p
[
n
]);
n
+=
k
;
er1
=
&
(
s
->
s3
->
server_random
[
0
]);
er2
=
&
(
s
->
s3
->
client_random
[
0
]);
}
if
(
n
>
s
->
s3
->
tmp
.
key_block_length
)
{
...
...
@@ -326,28 +318,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto
err2
;
}
EVP_MD_CTX_init
(
&
md
);
memcpy
(
mac_secret
,
ms
,
i
);
if
(
is_exp
)
{
/*
* In here I set both the read and write key/iv to the same value
* since only the correct one will be used :-).
*/
EVP_DigestInit_ex
(
&
md
,
EVP_md5
(),
NULL
);
EVP_DigestUpdate
(
&
md
,
key
,
j
);
EVP_DigestUpdate
(
&
md
,
er1
,
SSL3_RANDOM_SIZE
);
EVP_DigestUpdate
(
&
md
,
er2
,
SSL3_RANDOM_SIZE
);
EVP_DigestFinal_ex
(
&
md
,
&
(
exp_key
[
0
]),
NULL
);
key
=
&
(
exp_key
[
0
]);
if
(
k
>
0
)
{
EVP_DigestInit_ex
(
&
md
,
EVP_md5
(),
NULL
);
EVP_DigestUpdate
(
&
md
,
er1
,
SSL3_RANDOM_SIZE
);
EVP_DigestUpdate
(
&
md
,
er2
,
SSL3_RANDOM_SIZE
);
EVP_DigestFinal_ex
(
&
md
,
&
(
exp_iv
[
0
]),
NULL
);
iv
=
&
(
exp_iv
[
0
]);
}
}
EVP_CipherInit_ex
(
dd
,
c
,
NULL
,
key
,
iv
,
(
which
&
SSL3_CC_WRITE
));
...
...
@@ -370,7 +341,6 @@ int ssl3_change_cipher_state(SSL *s, int which)
OPENSSL_cleanse
(
exp_key
,
sizeof
(
exp_key
));
OPENSSL_cleanse
(
exp_iv
,
sizeof
(
exp_iv
));
EVP_MD_CTX_cleanup
(
&
md
);
return
(
1
);
err:
SSLerr
(
SSL_F_SSL3_CHANGE_CIPHER_STATE
,
ERR_R_MALLOC_FAILURE
);
...
...
ssl/s3_lib.c
浏览文件 @
361a1191
此差异已折叠。
点击以展开。
ssl/ssl_cert.c
浏览文件 @
361a1191
...
...
@@ -195,14 +195,6 @@ CERT *ssl_cert_dup(CERT *cert)
ret
->
references
=
1
;
ret
->
key
=
&
ret
->
pkeys
[
cert
->
key
-
cert
->
pkeys
];
#ifndef OPENSSL_NO_RSA
if
(
cert
->
rsa_tmp
!=
NULL
)
{
RSA_up_ref
(
cert
->
rsa_tmp
);
ret
->
rsa_tmp
=
cert
->
rsa_tmp
;
}
ret
->
rsa_tmp_cb
=
cert
->
rsa_tmp_cb
;
#endif
#ifndef OPENSSL_NO_DH
if
(
cert
->
dh_tmp
!=
NULL
)
{
ret
->
dh_tmp
=
DHparams_dup
(
cert
->
dh_tmp
);
...
...
@@ -377,9 +369,6 @@ void ssl_cert_free(CERT *c)
}
#endif
#ifndef OPENSSL_NO_RSA
RSA_free
(
c
->
rsa_tmp
);
#endif
#ifndef OPENSSL_NO_DH
DH_free
(
c
->
dh_tmp
);
#endif
...
...
ssl/ssl_ciph.c
浏览文件 @
361a1191
...
...
@@ -399,13 +399,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{
0
,
"TLSv1.0"
,
0
,
0
,
0
,
0
,
0
,
SSL_TLSV1
,
0
,
0
,
0
,
0
},
{
0
,
SSL_TXT_TLSV1_2
,
0
,
0
,
0
,
0
,
0
,
SSL_TLSV1_2
,
0
,
0
,
0
,
0
},
/* export flag */
{
0
,
SSL_TXT_EXP
,
0
,
0
,
0
,
0
,
0
,
0
,
SSL_EXPORT
,
0
,
0
,
0
},
{
0
,
SSL_TXT_EXPORT
,
0
,
0
,
0
,
0
,
0
,
0
,
SSL_EXPORT
,
0
,
0
,
0
},
/* strength classes */
{
0
,
SSL_TXT_EXP40
,
0
,
0
,
0
,
0
,
0
,
0
,
SSL_EXP40
,
0
,
0
,
0
},
{
0
,
SSL_TXT_EXP56
,
0
,
0
,
0
,
0
,
0
,
0
,
SSL_EXP56
,
0
,
0
,
0
},
{
0
,
SSL_TXT_LOW
,
0
,
0
,
0
,
0
,
0
,
0
,
SSL_LOW
,
0
,
0
,
0
},
{
0
,
SSL_TXT_MEDIUM
,
0
,
0
,
0
,
0
,
0
,
0
,
SSL_MEDIUM
,
0
,
0
,
0
},
{
0
,
SSL_TXT_HIGH
,
0
,
0
,
0
,
0
,
0
,
0
,
SSL_HIGH
,
0
,
0
,
0
},
...
...
@@ -413,24 +407,12 @@ static const SSL_CIPHER cipher_aliases[] = {
{
0
,
SSL_TXT_FIPS
,
0
,
0
,
0
,
~
SSL_eNULL
,
0
,
0
,
SSL_FIPS
,
0
,
0
,
0
},
/* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
{
0
,
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA
,
0
,
SSL_kDHE
,
SSL_aDSS
,
SSL_DES
,
SSL_SHA1
,
SSL_SSLV3
,
SSL_EXPORT
|
SSL_EXP40
,
0
,
0
,
0
,},
{
0
,
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA
,
0
,
SSL_kDHE
,
SSL_aDSS
,
SSL_DES
,
SSL_SHA1
,
SSL_SSLV3
,
SSL_NOT_EXP
|
SSL_LOW
,
0
,
0
,
0
,},
{
0
,
SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA
,
0
,
SSL_kDHE
,
SSL_aDSS
,
SSL_3DES
,
SSL_SHA1
,
SSL_SSLV3
,
SSL_NOT_EXP
|
SSL_HIGH
|
SSL_FIPS
,
0
,
0
,
0
,},
{
0
,
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA
,
0
,
SSL_kDHE
,
SSL_aRSA
,
SSL_DES
,
SSL_SHA1
,
SSL_SSLV3
,
SSL_EXPORT
|
SSL_EXP40
,
0
,
0
,
0
,},
{
0
,
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA
,
0
,
SSL_kDHE
,
SSL_aRSA
,
SSL_DES
,
SSL_SHA1
,
SSL_SSLV3
,
SSL_NOT_EXP
|
SSL_LOW
,
0
,
0
,
0
,},
SSL_HIGH
|
SSL_FIPS
,
0
,
0
,
0
,},
{
0
,
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA
,
0
,
SSL_kDHE
,
SSL_aRSA
,
SSL_3DES
,
SSL_SHA1
,
SSL_SSLV3
,
SSL_
NOT_EXP
|
SSL_
HIGH
|
SSL_FIPS
,
0
,
0
,
0
,},
SSL_HIGH
|
SSL_FIPS
,
0
,
0
,
0
,},
};
...
...
@@ -982,11 +964,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
continue
;
if
(
alg_ssl
&&
!
(
alg_ssl
&
cp
->
algorithm_ssl
))
continue
;
if
((
algo_strength
&
SSL_EXP_MASK
)
&&
!
(
algo_strength
&
SSL_EXP_MASK
&
cp
->
algo_strength
))
continue
;
if
((
algo_strength
&
SSL_STRONG_MASK
)
&&
!
(
algo_strength
&
SSL_STRONG_MASK
&
cp
->
algo_strength
))
if
(
algo_strength
&&
!
(
algo_strength
&
cp
->
algo_strength
))
continue
;
if
((
algo_strength
&
SSL_DEFAULT_MASK
)
&&
!
(
algo_strength
&
SSL_DEFAULT_MASK
&
cp
->
algo_strength
))
...
...
@@ -1249,31 +1227,15 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
alg_mac
=
ca_list
[
j
]
->
algorithm_mac
;
}
if
(
ca_list
[
j
]
->
algo_strength
&
SSL_EXP_MASK
)
{
if
(
algo_strength
&
SSL_EXP_MASK
)
{
algo_strength
&=
(
ca_list
[
j
]
->
algo_strength
&
SSL_EXP_MASK
)
|
~
SSL_EXP_MASK
;
if
(
!
(
algo_strength
&
SSL_EXP_MASK
))
{
found
=
0
;
break
;
}
}
else
algo_strength
|=
ca_list
[
j
]
->
algo_strength
&
SSL_EXP_MASK
;
}
if
(
ca_list
[
j
]
->
algo_strength
&
SSL_STRONG_MASK
)
{
if
(
algo_strength
&
SSL_STRONG_MASK
)
{
algo_strength
&=
(
ca_list
[
j
]
->
algo_strength
&
SSL_STRONG_MASK
)
|
~
SSL_STRONG_MASK
;
if
(
!
(
algo_strength
&
SSL_STRONG_MASK
))
{
if
(
ca_list
[
j
]
->
algo_strength
)
{
if
(
algo_strength
)
{
algo_strength
&=
ca_list
[
j
]
->
algo_strength
;
if
(
!
algo_strength
)
{
found
=
0
;
break
;
}
}
else
algo_strength
|=
ca_list
[
j
]
->
algo_strength
&
SSL_STRONG_MASK
;
algo_strength
=
ca_list
[
j
]
->
algo_strength
;
}
if
(
ca_list
[
j
]
->
algo_strength
&
SSL_DEFAULT_MASK
)
{
...
...
@@ -1625,12 +1587,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
char
*
SSL_CIPHER_description
(
const
SSL_CIPHER
*
cipher
,
char
*
buf
,
int
len
)
{
int
is_export
,
pkl
,
kl
;
const
char
*
ver
,
*
exp_str
;
const
char
*
ver
;
const
char
*
kx
,
*
au
,
*
enc
,
*
mac
;
uint32_t
alg_mkey
,
alg_auth
,
alg_enc
,
alg_mac
,
alg_ssl
;
static
const
char
*
format
=
"%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s
%s
\n
"
;
"%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s
\n
"
;
alg_mkey
=
cipher
->
algorithm_mkey
;
alg_auth
=
cipher
->
algorithm_auth
;
...
...
@@ -1638,11 +1599,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
alg_mac
=
cipher
->
algorithm_mac
;
alg_ssl
=
cipher
->
algorithm_ssl
;
is_export
=
SSL_C_IS_EXPORT
(
cipher
);
pkl
=
SSL_C_EXPORT_PKEYLENGTH
(
cipher
);
kl
=
SSL_C_EXPORT_KEYLENGTH
(
cipher
);
exp_str
=
is_export
?
" export"
:
""
;
if
(
alg_ssl
&
SSL_SSLV3
)
ver
=
"SSLv3"
;
else
if
(
alg_ssl
&
SSL_TLSV1
)
...
...
@@ -1654,7 +1610,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
switch
(
alg_mkey
)
{
case
SSL_kRSA
:
kx
=
is_export
?
(
pkl
==
512
?
"RSA(512)"
:
"RSA(1024)"
)
:
"RSA"
;
kx
=
"RSA"
;
break
;
case
SSL_kDHr
:
kx
=
"DH/RSA"
;
...
...
@@ -1663,7 +1619,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
kx
=
"DH/DSS"
;
break
;
case
SSL_kDHE
:
kx
=
is_export
?
(
pkl
==
512
?
"DH(512)"
:
"DH(1024)"
)
:
"DH"
;
kx
=
"DH"
;
break
;
case
SSL_kECDHr
:
kx
=
"ECDH/RSA"
;
...
...
@@ -1735,16 +1691,16 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
switch
(
alg_enc
)
{
case
SSL_DES
:
enc
=
(
is_export
&&
kl
==
5
)
?
"DES(40)"
:
"DES(56)"
;
enc
=
"DES(56)"
;
break
;
case
SSL_3DES
:
enc
=
"3DES(168)"
;
break
;
case
SSL_RC4
:
enc
=
is_export
?
(
kl
==
5
?
"RC4(40)"
:
"RC4(56)"
)
:
"RC4(128)"
;
enc
=
"RC4(128)"
;
break
;
case
SSL_RC2
:
enc
=
is_export
?
(
kl
==
5
?
"RC2(40)"
:
"RC2(56)"
)
:
"RC2(128)"
;
enc
=
"RC2(128)"
;
break
;
case
SSL_IDEA
:
enc
=
"IDEA(128)"
;
...
...
@@ -1834,8 +1790,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
}
else
if
(
len
<
128
)
return
(
"Buffer too small"
);
BIO_snprintf
(
buf
,
len
,
format
,
cipher
->
name
,
ver
,
kx
,
au
,
enc
,
mac
,
exp_str
);
BIO_snprintf
(
buf
,
len
,
format
,
cipher
->
name
,
ver
,
kx
,
au
,
enc
,
mac
);
return
(
buf
);
}
...
...
ssl/ssl_err.c
浏览文件 @
361a1191
...
...
@@ -517,8 +517,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"empty srtp protection profile list"
},
{
ERR_REASON
(
SSL_R_ENCRYPTED_LENGTH_TOO_LONG
),
"encrypted length too long"
},
{
ERR_REASON
(
SSL_R_ERROR_GENERATING_TMP_RSA_KEY
),
"error generating tmp rsa key"
},
{
ERR_REASON
(
SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST
),
"error in received cipher list"
},
{
ERR_REASON
(
SSL_R_EXCESSIVE_MESSAGE_SIZE
),
"excessive message size"
},
...
...
@@ -559,10 +557,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{
ERR_REASON
(
SSL_R_MISSING_ECDH_CERT
),
"missing ecdh cert"
},
{
ERR_REASON
(
SSL_R_MISSING_ECDSA_SIGNING_CERT
),
"missing ecdsa signing cert"
},
{
ERR_REASON
(
SSL_R_MISSING_EXPORT_TMP_DH_KEY
),
"missing export tmp dh key"
},
{
ERR_REASON
(
SSL_R_MISSING_EXPORT_TMP_RSA_KEY
),
"missing export tmp rsa key"
},
{
ERR_REASON
(
SSL_R_MISSING_RSA_CERTIFICATE
),
"missing rsa certificate"
},
{
ERR_REASON
(
SSL_R_MISSING_RSA_ENCRYPTING_CERT
),
"missing rsa encrypting cert"
},
...
...
@@ -570,8 +564,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{
ERR_REASON
(
SSL_R_MISSING_SRP_PARAM
),
"can't find SRP server param"
},
{
ERR_REASON
(
SSL_R_MISSING_TMP_DH_KEY
),
"missing tmp dh key"
},
{
ERR_REASON
(
SSL_R_MISSING_TMP_ECDH_KEY
),
"missing tmp ecdh key"
},
{
ERR_REASON
(
SSL_R_MISSING_TMP_RSA_KEY
),
"missing tmp rsa key"
},
{
ERR_REASON
(
SSL_R_MISSING_TMP_RSA_PKEY
),
"missing tmp rsa pkey"
},
{
ERR_REASON
(
SSL_R_MISSING_VERIFY_MESSAGE
),
"missing verify message"
},
{
ERR_REASON
(
SSL_R_MULTIPLE_SGC_RESTARTS
),
"multiple sgc restarts"
},
{
ERR_REASON
(
SSL_R_NO_CERTIFICATES_RETURNED
),
"no certificates returned"
},
...
...
@@ -705,8 +697,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"tlsv1 alert decryption failed"
},
{
ERR_REASON
(
SSL_R_TLSV1_ALERT_DECRYPT_ERROR
),
"tlsv1 alert decrypt error"
},
{
ERR_REASON
(
SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION
),
"tlsv1 alert export restriction"
},
{
ERR_REASON
(
SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK
),
"tlsv1 alert inappropriate fallback"
},
{
ERR_REASON
(
SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY
),
...
...
ssl/ssl_lib.c
浏览文件 @
361a1191
...
...
@@ -2004,65 +2004,44 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
CERT_PKEY
*
cpk
;
CERT
*
c
=
s
->
cert
;
uint32_t
*
pvalid
=
s
->
s3
->
tmp
.
valid_flags
;
int
rsa_enc
,
rsa_tmp
,
rsa_sign
,
dh_tmp
,
dh_rsa
,
dh_dsa
,
dsa_sign
;
int
rsa_enc_export
,
dh_rsa_export
,
dh_dsa_export
;
int
rsa_tmp_export
,
dh_tmp_export
,
kl
;
unsigned
long
mask_k
,
mask_a
,
emask_k
,
emask_a
;
int
rsa_enc
,
rsa_sign
,
dh_tmp
,
dh_rsa
,
dh_dsa
,
dsa_sign
;
unsigned
long
mask_k
,
mask_a
;
#ifndef OPENSSL_NO_EC
int
have_ecc_cert
,
ecdsa_ok
,
ecc_pkey_size
;
int
have_ecc_cert
,
ecdsa_ok
;
int
ecdh_ok
;
X509
*
x
=
NULL
;
EVP_PKEY
*
ecc_pkey
=
NULL
;
int
pk_nid
=
0
,
md_nid
=
0
;
#endif
if
(
c
==
NULL
)
return
;
kl
=
SSL_C_EXPORT_PKEYLENGTH
(
cipher
);
#ifndef OPENSSL_NO_RSA
rsa_tmp
=
(
c
->
rsa_tmp
!=
NULL
||
c
->
rsa_tmp_cb
!=
NULL
);
rsa_tmp_export
=
(
c
->
rsa_tmp_cb
!=
NULL
||
(
rsa_tmp
&&
RSA_size
(
c
->
rsa_tmp
)
*
8
<=
kl
));
#else
rsa_tmp
=
rsa_tmp_export
=
0
;
#endif
#ifndef OPENSSL_NO_DH
dh_tmp
=
(
c
->
dh_tmp
!=
NULL
||
c
->
dh_tmp_cb
!=
NULL
||
c
->
dh_tmp_auto
);
dh_tmp_export
=
!
c
->
dh_tmp_auto
&&
(
c
->
dh_tmp_cb
!=
NULL
||
(
dh_tmp
&&
DH_size
(
c
->
dh_tmp
)
*
8
<=
kl
));
#else
dh_tmp
=
dh_tmp_export
=
0
;
dh_tmp
=
0
;
#endif
cpk
=
&
(
c
->
pkeys
[
SSL_PKEY_RSA_ENC
]);
rsa_enc
=
pvalid
[
SSL_PKEY_RSA_ENC
]
&
CERT_PKEY_VALID
;
rsa_enc_export
=
(
rsa_enc
&&
EVP_PKEY_size
(
cpk
->
privatekey
)
*
8
<=
kl
);
cpk
=
&
(
c
->
pkeys
[
SSL_PKEY_RSA_SIGN
]);
rsa_sign
=
pvalid
[
SSL_PKEY_RSA_SIGN
]
&
CERT_PKEY_SIGN
;
cpk
=
&
(
c
->
pkeys
[
SSL_PKEY_DSA_SIGN
]);
dsa_sign
=
pvalid
[
SSL_PKEY_DSA_SIGN
]
&
CERT_PKEY_SIGN
;
cpk
=
&
(
c
->
pkeys
[
SSL_PKEY_DH_RSA
]);
dh_rsa
=
pvalid
[
SSL_PKEY_DH_RSA
]
&
CERT_PKEY_VALID
;
dh_rsa_export
=
(
dh_rsa
&&
EVP_PKEY_size
(
cpk
->
privatekey
)
*
8
<=
kl
);
cpk
=
&
(
c
->
pkeys
[
SSL_PKEY_DH_DSA
]);
dh_dsa
=
pvalid
[
SSL_PKEY_DH_DSA
]
&
CERT_PKEY_VALID
;
dh_dsa_export
=
(
dh_dsa
&&
EVP_PKEY_size
(
cpk
->
privatekey
)
*
8
<=
kl
);
cpk
=
&
(
c
->
pkeys
[
SSL_PKEY_ECC
]);
#ifndef OPENSSL_NO_EC
have_ecc_cert
=
pvalid
[
SSL_PKEY_ECC
]
&
CERT_PKEY_VALID
;
#endif
mask_k
=
0
;
mask_a
=
0
;
emask_k
=
0
;
emask_a
=
0
;
#ifdef CIPHER_DEBUG
fprintf
(
stderr
,
"rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d
\n
"
,
rsa_tmp
,
rsa_tmp_export
,
dh_tmp
,
rsa_enc
,
rsa_enc_export
,
rsa_sign
,
dsa_sign
,
dh_rsa
,
dh_dsa
);
"dht=%d re=%d rs=%d ds=%d dhr=%d dhd=%d
\n
"
,
dh_tmp
,
rsa_enc
,
rsa_sign
,
dsa_sign
,
dh_rsa
,
dh_dsa
);
#endif
#ifndef OPENSSL_NO_GOST
...
...
@@ -2083,42 +2062,30 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
}
#endif
if
(
rsa_enc
||
(
rsa_tmp
&&
rsa_sign
)
)
if
(
rsa_enc
)
mask_k
|=
SSL_kRSA
;
if
(
rsa_enc_export
||
(
rsa_tmp_export
&&
(
rsa_sign
||
rsa_enc
)))
emask_k
|=
SSL_kRSA
;
if
(
dh_tmp_export
)
emask_k
|=
SSL_kDHE
;
if
(
dh_tmp
)
mask_k
|=
SSL_kDHE
;
if
(
dh_rsa
)
mask_k
|=
SSL_kDHr
;
if
(
dh_rsa_export
)
emask_k
|=
SSL_kDHr
;
if
(
dh_dsa
)
mask_k
|=
SSL_kDHd
;
if
(
dh_dsa_export
)
emask_k
|=
SSL_kDHd
;
if
(
mask_k
&
(
SSL_kDHr
|
SSL_kDHd
))
mask_a
|=
SSL_aDH
;
if
(
rsa_enc
||
rsa_sign
)
{
mask_a
|=
SSL_aRSA
;
emask_a
|=
SSL_aRSA
;
}
if
(
dsa_sign
)
{
mask_a
|=
SSL_aDSS
;
emask_a
|=
SSL_aDSS
;
}
mask_a
|=
SSL_aNULL
;
emask_a
|=
SSL_aNULL
;
/*
* An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
...
...
@@ -2134,47 +2101,32 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
ecdsa_ok
=
ex_kusage
&
X509v3_KU_DIGITAL_SIGNATURE
;
if
(
!
(
pvalid
[
SSL_PKEY_ECC
]
&
CERT_PKEY_SIGN
))
ecdsa_ok
=
0
;
ecc_pkey
=
X509_get_pubkey
(
x
);
ecc_pkey_size
=
(
ecc_pkey
!=
NULL
)
?
EVP_PKEY_bits
(
ecc_pkey
)
:
0
;
EVP_PKEY_free
(
ecc_pkey
);
OBJ_find_sigid_algs
(
X509_get_signature_nid
(
x
),
&
md_nid
,
&
pk_nid
);
if
(
ecdh_ok
)
{
if
(
pk_nid
==
NID_rsaEncryption
||
pk_nid
==
NID_rsa
)
{
mask_k
|=
SSL_kECDHr
;
mask_a
|=
SSL_aECDH
;
if
(
ecc_pkey_size
<=
163
)
{
emask_k
|=
SSL_kECDHr
;
emask_a
|=
SSL_aECDH
;
}
}
if
(
pk_nid
==
NID_X9_62_id_ecPublicKey
)
{
mask_k
|=
SSL_kECDHe
;
mask_a
|=
SSL_aECDH
;
if
(
ecc_pkey_size
<=
163
)
{
emask_k
|=
SSL_kECDHe
;
emask_a
|=
SSL_aECDH
;
}
}
}
if
(
ecdsa_ok
)
{
mask_a
|=
SSL_aECDSA
;
emask_a
|=
SSL_aECDSA
;
}
}
#endif
#ifndef OPENSSL_NO_EC
mask_k
|=
SSL_kECDHE
;
emask_k
|=
SSL_kECDHE
;
#endif
#ifndef OPENSSL_NO_PSK
mask_k
|=
SSL_kPSK
;
mask_a
|=
SSL_aPSK
;
emask_k
|=
SSL_kPSK
;
emask_a
|=
SSL_aPSK
;
if
(
mask_k
&
SSL_kRSA
)
mask_k
|=
SSL_kRSAPSK
;
if
(
mask_k
&
SSL_kDHE
)
...
...
@@ -2185,8 +2137,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
s
->
s3
->
tmp
.
mask_k
=
mask_k
;
s
->
s3
->
tmp
.
mask_a
=
mask_a
;
s
->
s3
->
tmp
.
export_mask_k
=
emask_k
;
s
->
s3
->
tmp
.
export_mask_a
=
emask_a
;
}
#ifndef OPENSSL_NO_EC
...
...
@@ -2194,8 +2144,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
int
ssl_check_srvr_ecc_cert_and_alg
(
X509
*
x
,
SSL
*
s
)
{
unsigned
long
alg_k
,
alg_a
;
EVP_PKEY
*
pkey
=
NULL
;
int
keysize
=
0
;
int
md_nid
=
0
,
pk_nid
=
0
;
const
SSL_CIPHER
*
cs
=
s
->
s3
->
tmp
.
new_cipher
;
uint32_t
ex_kusage
=
X509_get_key_usage
(
x
);
...
...
@@ -2203,17 +2151,6 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
alg_k
=
cs
->
algorithm_mkey
;
alg_a
=
cs
->
algorithm_auth
;
if
(
SSL_C_IS_EXPORT
(
cs
))
{
/* ECDH key length in export ciphers must be <= 163 bits */
pkey
=
X509_get_pubkey
(
x
);
if
(
pkey
==
NULL
)
return
0
;
keysize
=
EVP_PKEY_bits
(
pkey
);
EVP_PKEY_free
(
pkey
);
if
(
keysize
>
163
)
return
0
;
}
OBJ_find_sigid_algs
(
X509_get_signature_nid
(
x
),
&
md_nid
,
&
pk_nid
);
if
(
alg_k
&
SSL_kECDHe
||
alg_k
&
SSL_kECDHr
)
{
...
...
@@ -3078,44 +3015,6 @@ int SSL_want(const SSL *s)
return
(
s
->
rwstate
);
}
/**
* \brief Set the callback for generating temporary RSA keys.
* \param ctx the SSL context.
* \param cb the callback
*/
#ifndef OPENSSL_NO_RSA
void
SSL_CTX_set_tmp_rsa_callback
(
SSL_CTX
*
ctx
,
RSA
*
(
*
cb
)
(
SSL
*
ssl
,
int
is_export
,
int
keylength
))
{
SSL_CTX_callback_ctrl
(
ctx
,
SSL_CTRL_SET_TMP_RSA_CB
,
(
void
(
*
)(
void
))
cb
);
}
void
SSL_set_tmp_rsa_callback
(
SSL
*
ssl
,
RSA
*
(
*
cb
)
(
SSL
*
ssl
,
int
is_export
,
int
keylength
))
{
SSL_callback_ctrl
(
ssl
,
SSL_CTRL_SET_TMP_RSA_CB
,
(
void
(
*
)(
void
))
cb
);
}
#endif
#ifdef DOXYGEN
/**
* \brief The RSA temporary key callback function.
* \param ssl the SSL session.
* \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
* \param keylength if \c is_export is \c TRUE, then \c keylength is the size
* of the required key in bits.
* \return the temporary RSA key.
* \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
*/
RSA
*
cb
(
SSL
*
ssl
,
int
is_export
,
int
keylength
)
{
}
#endif
/**
* \brief Set the callback for generating temporary DH keys.
* \param ctx the SSL context.
...
...
ssl/ssl_locl.h
浏览文件 @
361a1191
...
...
@@ -438,68 +438,16 @@
*/
# define TLS1_STREAM_MAC 0x10000
/*
* Export and cipher strength information. For each cipher we have to decide
* whether it is exportable or not. This information is likely to change
* over time, since the export control rules are no static technical issue.
*
* Independent of the export flag the cipher strength is sorted into classes.
* SSL_EXP40 was denoting the 40bit US export limit of past times, which now
* is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
* again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
* since SSL_EXP64 could be similar to SSL_LOW.
* For this reason SSL_MICRO and SSL_MINI macros are included to widen the
* namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
* and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
* be possible.
*/
# define SSL_EXP_MASK 0x00000003U
# define SSL_STRONG_MASK 0x000001fcU
# define SSL_DEFAULT_MASK 0X00000200U
# define SSL_NOT_EXP 0x00000001U
# define SSL_EXPORT 0x00000002U
# define SSL_STRONG_NONE 0x00000004U
# define SSL_EXP40 0x00000008U
# define SSL_MICRO (SSL_EXP40)
# define SSL_EXP56 0x00000010U
# define SSL_MINI (SSL_EXP56)
# define SSL_LOW 0x00000020U
# define SSL_MEDIUM 0x00000040U
# define SSL_HIGH 0x00000080U
# define SSL_FIPS 0x00000100U
# define SSL_NOT_DEFAULT 0x00000200U
# define SSL_DEFAULT_MASK 0X00000020U
/* we have used 000003ff - 22 bits left to go */
# define SSL_STRONG_NONE 0x00000001U
# define SSL_LOW 0x00000002U
# define SSL_MEDIUM 0x00000004U
# define SSL_HIGH 0x00000008U
# define SSL_FIPS 0x00000010U
# define SSL_NOT_DEFAULT 0x00000020U
/*-
* Macros to check the export status and cipher strength for export ciphers.
* Even though the macros for EXPORT and EXPORT40/56 have similar names,
* their meaning is different:
* *_EXPORT macros check the 'exportable' status.
* *_EXPORT40/56 macros are used to check whether a certain cipher strength
* is given.
* Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
* algorithm structure element to be passed (algorithms, algo_strength) and no
* typechecking can be done as they are all of type unsigned long, their
* direct usage is discouraged.
* Use the SSL_C_* macros instead.
*/
# define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)
# define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)
# define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)
# define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)
# define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)
# define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
# define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
(a) == SSL_DES ? 8 : 7)
# define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
# define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
(c)->algo_strength)
# define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
/* we have used 0000003f - 26 bits left to go */
/* Check if an SSL structure is using DTLS */
# define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
...
...
@@ -550,8 +498,7 @@
# define SSL_PKEY_GOST_EC SSL_PKEY_NUM+1
/*-
* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
* <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
* SSL_kRSA <- RSA_ENC
* SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
* SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
* SSL_aRSA <- RSA_ENC | RSA_SIGN
...
...
@@ -1300,7 +1247,6 @@ typedef struct ssl3_state_st {
int
ctype_num
;
char
ctype
[
SSL3_CT_NUMBER
];
STACK_OF
(
X509_NAME
)
*
ca_names
;
int
use_rsa_tmp
;
int
key_block_length
;
unsigned
char
*
key_block
;
const
EVP_CIPHER
*
new_sym_enc
;
...
...
@@ -1349,8 +1295,6 @@ typedef struct ssl3_state_st {
*/
uint32_t
mask_k
;
uint32_t
mask_a
;
uint32_t
export_mask_k
;
uint32_t
export_mask_a
;
/* Client only */
uint32_t
mask_ssl
;
}
tmp
;
...
...
@@ -1392,9 +1336,6 @@ typedef struct ssl3_state_st {
# endif
/* !OPENSSL_NO_EC */
/* For clients: peer temporary key */
# ifndef OPENSSL_NO_RSA
RSA
*
peer_rsa_tmp
;
# endif
# ifndef OPENSSL_NO_DH
DH
*
peer_dh_tmp
;
# endif
...
...
@@ -1559,10 +1500,6 @@ typedef struct cert_st {
* an index, not a pointer.
*/
CERT_PKEY
*
key
;
# ifndef OPENSSL_NO_RSA
RSA
*
rsa_tmp
;
RSA
*
(
*
rsa_tmp_cb
)
(
SSL
*
ssl
,
int
is_export
,
int
keysize
);
# endif
# ifndef OPENSSL_NO_DH
DH
*
dh_tmp
;
DH
*
(
*
dh_tmp_cb
)
(
SSL
*
ssl
,
int
is_export
,
int
keysize
);
...
...
ssl/statem/statem_clnt.c
浏览文件 @
361a1191
...
...
@@ -211,30 +211,6 @@ static int key_exchange_expected(SSL *s)
return
1
;
}
/*
* Export ciphersuites may have temporary RSA keys if the public key in the
* server certificate is longer than the maximum export strength
*/
if
((
alg_k
&
SSL_kRSA
)
&&
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
))
{
EVP_PKEY
*
pkey
;
pkey
=
X509_get_pubkey
(
s
->
session
->
peer
);
if
(
pkey
==
NULL
)
return
-
1
;
/*
* If the public key in the certificate is shorter than or equal to the
* maximum export strength then a temporary RSA key is not allowed
*/
if
(
EVP_PKEY_bits
(
pkey
)
<=
SSL_C_EXPORT_PKEYLENGTH
(
s
->
s3
->
tmp
.
new_cipher
))
return
0
;
EVP_PKEY_free
(
pkey
);
return
1
;
}
return
0
;
}
...
...
@@ -1622,10 +1598,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
save_param_start
=
*
pkt
;
#ifndef OPENSSL_NO_RSA
RSA_free
(
s
->
s3
->
peer_rsa_tmp
);
s
->
s3
->
peer_rsa_tmp
=
NULL
;
#endif
#ifndef OPENSSL_NO_DH
DH_free
(
s
->
s3
->
peer_dh_tmp
);
s
->
s3
->
peer_dh_tmp
=
NULL
;
...
...
@@ -1709,51 +1681,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
/* We must check if there is a certificate */
if
(
alg_a
&
(
SSL_aRSA
|
SSL_aDSS
))
pkey
=
X509_get_pubkey
(
s
->
session
->
peer
);
}
else
#endif
/* !OPENSSL_NO_SRP */
#ifndef OPENSSL_NO_RSA
if
(
alg_k
&
SSL_kRSA
)
{
PACKET
mod
,
exp
;
/* Temporary RSA keys only allowed in export ciphersuites */
if
(
!
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
))
{
al
=
SSL_AD_UNEXPECTED_MESSAGE
;
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
SSL_R_UNEXPECTED_MESSAGE
);
goto
f_err
;
}
if
(
!
PACKET_get_length_prefixed_2
(
pkt
,
&
mod
)
||
!
PACKET_get_length_prefixed_2
(
pkt
,
&
exp
))
{
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
SSL_R_LENGTH_MISMATCH
);
goto
f_err
;
}
if
((
rsa
=
RSA_new
())
==
NULL
)
{
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
if
((
rsa
->
n
=
BN_bin2bn
(
PACKET_data
(
&
mod
),
PACKET_remaining
(
&
mod
),
rsa
->
n
))
==
NULL
||
(
rsa
->
e
=
BN_bin2bn
(
PACKET_data
(
&
exp
),
PACKET_remaining
(
&
exp
),
rsa
->
e
))
==
NULL
)
{
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
ERR_R_BN_LIB
);
goto
err
;
}
/* this should be because we are using an export cipher */
if
(
alg_a
&
SSL_aRSA
)
pkey
=
X509_get_pubkey
(
s
->
session
->
peer
);
else
{
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
s
->
s3
->
peer_rsa_tmp
=
rsa
;
rsa
=
NULL
;
}
#else
/* OPENSSL_NO_RSA */
if
(
0
)
;
#endif
#endif
/* !OPENSSL_NO_SRP */
#ifndef OPENSSL_NO_DH
else
if
(
alg_k
&
(
SSL_kDHE
|
SSL_kDHEPSK
))
{
PACKET
prime
,
generator
,
pub_key
;
...
...
@@ -1850,14 +1779,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
group
=
EC_KEY_get0_group
(
ecdh
);
if
(
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
)
&&
(
EC_GROUP_get_degree
(
group
)
>
163
))
{
al
=
SSL_AD_EXPORT_RESTRICTION
;
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER
);
goto
f_err
;
}
/* Next, get the encoded ECPoint */
if
(((
srvr_ecpoint
=
EC_POINT_new
(
group
))
==
NULL
)
||
((
bn_ctx
=
BN_CTX_new
())
==
NULL
))
{
...
...
@@ -2445,20 +2366,16 @@ psk_err:
goto
err
;
}
if
(
s
->
s3
->
peer_rsa_tmp
!=
NULL
)
rsa
=
s
->
s3
->
peer_rsa_tmp
;
else
{
pkey
=
X509_get_pubkey
(
s
->
session
->
peer
);
if
((
pkey
==
NULL
)
||
(
pkey
->
type
!=
EVP_PKEY_RSA
)
||
(
pkey
->
pkey
.
rsa
==
NULL
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
EVP_PKEY_free
(
pkey
);
goto
err
;
}
rsa
=
pkey
->
pkey
.
rsa
;
pkey
=
X509_get_pubkey
(
s
->
session
->
peer
);
if
((
pkey
==
NULL
)
||
(
pkey
->
type
!=
EVP_PKEY_RSA
)
||
(
pkey
->
pkey
.
rsa
==
NULL
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
EVP_PKEY_free
(
pkey
);
goto
err
;
}
rsa
=
pkey
->
pkey
.
rsa
;
EVP_PKEY_free
(
pkey
);
pms
[
0
]
=
s
->
client_version
>>
8
;
pms
[
1
]
=
s
->
client_version
&
0xff
;
...
...
@@ -3178,10 +3095,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
int
i
,
idx
;
long
alg_k
,
alg_a
;
EVP_PKEY
*
pkey
=
NULL
;
int
pkey_bits
;
#ifndef OPENSSL_NO_RSA
RSA
*
rsa
;
#endif
#ifndef OPENSSL_NO_DH
DH
*
dh
;
#endif
...
...
@@ -3193,9 +3106,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
/* we don't have a certificate */
if
((
alg_a
&
SSL_aNULL
)
||
(
alg_k
&
SSL_kPSK
))
return
(
1
);
#ifndef OPENSSL_NO_RSA
rsa
=
s
->
s3
->
peer_rsa_tmp
;
#endif
#ifndef OPENSSL_NO_DH
dh
=
s
->
s3
->
peer_dh_tmp
;
#endif
...
...
@@ -3222,7 +3132,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
}
#endif
pkey
=
X509_get_pubkey
(
s
->
session
->
peer
);
pkey_bits
=
EVP_PKEY_bits
(
pkey
);
i
=
X509_certificate_type
(
s
->
session
->
peer
,
pkey
);
EVP_PKEY_free
(
pkey
);
...
...
@@ -3240,27 +3149,11 @@ int ssl3_check_cert_and_algorithm(SSL *s)
}
#endif
#ifndef OPENSSL_NO_RSA
if
(
alg_k
&
(
SSL_kRSA
|
SSL_kRSAPSK
))
{
if
(
!
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
)
&&
!
has_bits
(
i
,
EVP_PK_RSA
|
EVP_PKT_ENC
))
{
SSLerr
(
SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM
,
SSL_R_MISSING_RSA_ENCRYPTING_CERT
);
goto
f_err
;
}
else
if
(
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
))
{
if
(
pkey_bits
<=
SSL_C_EXPORT_PKEYLENGTH
(
s
->
s3
->
tmp
.
new_cipher
))
{
if
(
!
has_bits
(
i
,
EVP_PK_RSA
|
EVP_PKT_ENC
))
{
SSLerr
(
SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM
,
SSL_R_MISSING_RSA_ENCRYPTING_CERT
);
goto
f_err
;
}
if
(
rsa
!=
NULL
)
{
/* server key exchange is not allowed. */
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM
,
ERR_R_INTERNAL_ERROR
);
goto
f_err
;
}
}
}
if
(
alg_k
&
(
SSL_kRSA
|
SSL_kRSAPSK
)
&&
!
has_bits
(
i
,
EVP_PK_RSA
|
EVP_PKT_ENC
))
{
SSLerr
(
SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM
,
SSL_R_MISSING_RSA_ENCRYPTING_CERT
);
goto
f_err
;
}
#endif
#ifndef OPENSSL_NO_DH
...
...
@@ -3284,48 +3177,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
# endif
#endif
if
(
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
)
&&
pkey_bits
>
SSL_C_EXPORT_PKEYLENGTH
(
s
->
s3
->
tmp
.
new_cipher
))
{
#ifndef OPENSSL_NO_RSA
if
(
alg_k
&
SSL_kRSA
)
{
if
(
rsa
==
NULL
)
{
SSLerr
(
SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM
,
SSL_R_MISSING_EXPORT_TMP_RSA_KEY
);
goto
f_err
;
}
else
if
(
RSA_bits
(
rsa
)
>
SSL_C_EXPORT_PKEYLENGTH
(
s
->
s3
->
tmp
.
new_cipher
))
{
/* We have a temporary RSA key but it's too large. */
al
=
SSL_AD_EXPORT_RESTRICTION
;
SSLerr
(
SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM
,
SSL_R_MISSING_EXPORT_TMP_RSA_KEY
);
goto
f_err
;
}
}
else
#endif
#ifndef OPENSSL_NO_DH
if
(
alg_k
&
SSL_kDHE
)
{
if
(
DH_bits
(
dh
)
>
SSL_C_EXPORT_PKEYLENGTH
(
s
->
s3
->
tmp
.
new_cipher
))
{
/* We have a temporary DH key but it's too large. */
al
=
SSL_AD_EXPORT_RESTRICTION
;
SSLerr
(
SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM
,
SSL_R_MISSING_EXPORT_TMP_DH_KEY
);
goto
f_err
;
}
}
else
if
(
alg_k
&
(
SSL_kDHr
|
SSL_kDHd
))
{
/* The cert should have had an export DH key. */
al
=
SSL_AD_EXPORT_RESTRICTION
;
SSLerr
(
SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM
,
SSL_R_MISSING_EXPORT_TMP_DH_KEY
);
goto
f_err
;
}
else
#endif
{
SSLerr
(
SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM
,
SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE
);
goto
f_err
;
}
}
return
(
1
);
f_err:
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
al
);
...
...
ssl/statem/statem_srvr.c
浏览文件 @
361a1191
...
...
@@ -315,7 +315,7 @@ static int send_server_key_exchange(SSL *s)
unsigned
long
alg_k
=
s
->
s3
->
tmp
.
new_cipher
->
algorithm_mkey
;
/*
* only send a ServerKeyExchange if DH
, fortezza or RSA
but we have a
* only send a ServerKeyExchange if DH
or fortezza
but we have a
* sign only certificate PSK: may send PSK identity hints For
* ECC ciphersuites, we send a serverKeyExchange message only if
* the cipher suite is either ECDH-anon or ECDHE. In other cases,
...
...
@@ -324,15 +324,6 @@ static int send_server_key_exchange(SSL *s)
*/
if
(
(
alg_k
&
SSL_kDHE
)
||
(
alg_k
&
SSL_kECDHE
)
||
((
alg_k
&
SSL_kRSA
)
&&
(
s
->
cert
->
pkeys
[
SSL_PKEY_RSA_ENC
].
privatekey
==
NULL
||
(
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
)
&&
EVP_PKEY_size
(
s
->
cert
->
pkeys
[
SSL_PKEY_RSA_ENC
].
privatekey
)
*
8
>
SSL_C_EXPORT_PKEYLENGTH
(
s
->
s3
->
tmp
.
new_cipher
)
)
)
)
/*
* PSK: send ServerKeyExchange if PSK identity hint if
* provided
...
...
@@ -1723,9 +1714,6 @@ int tls_construct_server_done(SSL *s)
int
tls_construct_server_key_exchange
(
SSL
*
s
)
{
#ifndef OPENSSL_NO_RSA
RSA
*
rsa
;
#endif
#ifndef OPENSSL_NO_DH
DH
*
dh
=
NULL
,
*
dhp
;
#endif
...
...
@@ -1769,35 +1757,6 @@ int tls_construct_server_key_exchange(SSL *s)
if
(
type
&
(
SSL_kPSK
|
SSL_kRSAPSK
))
{
}
else
#endif
/* !OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_RSA
if
(
type
&
SSL_kRSA
)
{
rsa
=
cert
->
rsa_tmp
;
if
((
rsa
==
NULL
)
&&
(
s
->
cert
->
rsa_tmp_cb
!=
NULL
))
{
rsa
=
s
->
cert
->
rsa_tmp_cb
(
s
,
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
),
SSL_C_EXPORT_PKEYLENGTH
(
s
->
s3
->
tmp
.
new_cipher
));
if
(
rsa
==
NULL
)
{
al
=
SSL_AD_HANDSHAKE_FAILURE
;
SSLerr
(
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE
,
SSL_R_ERROR_GENERATING_TMP_RSA_KEY
);
goto
f_err
;
}
RSA_up_ref
(
rsa
);
cert
->
rsa_tmp
=
rsa
;
}
if
(
rsa
==
NULL
)
{
al
=
SSL_AD_HANDSHAKE_FAILURE
;
SSLerr
(
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE
,
SSL_R_MISSING_TMP_RSA_KEY
);
goto
f_err
;
}
r
[
0
]
=
rsa
->
n
;
r
[
1
]
=
rsa
->
e
;
s
->
s3
->
tmp
.
use_rsa_tmp
=
1
;
}
else
#endif
#ifndef OPENSSL_NO_DH
if
(
type
&
(
SSL_kDHE
|
SSL_kDHEPSK
))
{
if
(
s
->
cert
->
dh_tmp_auto
)
{
...
...
@@ -1811,11 +1770,7 @@ int tls_construct_server_key_exchange(SSL *s)
}
else
dhp
=
cert
->
dh_tmp
;
if
((
dhp
==
NULL
)
&&
(
s
->
cert
->
dh_tmp_cb
!=
NULL
))
dhp
=
s
->
cert
->
dh_tmp_cb
(
s
,
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
),
SSL_C_EXPORT_PKEYLENGTH
(
s
->
s3
->
tmp
.
new_cipher
));
dhp
=
s
->
cert
->
dh_tmp_cb
(
s
,
0
,
1024
);
if
(
dhp
==
NULL
)
{
al
=
SSL_AD_HANDSHAKE_FAILURE
;
SSLerr
(
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE
,
...
...
@@ -1903,13 +1858,6 @@ int tls_construct_server_key_exchange(SSL *s)
goto
err
;
}
if
(
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
)
&&
(
EC_GROUP_get_degree
(
group
)
>
163
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE
,
SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER
);
goto
err
;
}
/*
* XXX: For now, we only support ephemeral ECDH keys over named
* (not generic) curves. For supported named curves, curve_id is
...
...
@@ -2316,30 +2264,15 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
size_t
j
;
/* FIX THIS UP EAY EAY EAY EAY */
if
(
s
->
s3
->
tmp
.
use_rsa_tmp
)
{
if
((
s
->
cert
!=
NULL
)
&&
(
s
->
cert
->
rsa_tmp
!=
NULL
))
rsa
=
s
->
cert
->
rsa_tmp
;
/*
* Don't do a callback because rsa_tmp should be sent already
*/
if
(
rsa
==
NULL
)
{
al
=
SSL_AD_HANDSHAKE_FAILURE
;
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE
,
SSL_R_MISSING_TMP_RSA_PKEY
);
goto
f_err
;
}
}
else
{
pkey
=
s
->
cert
->
pkeys
[
SSL_PKEY_RSA_ENC
].
privatekey
;
if
((
pkey
==
NULL
)
||
(
pkey
->
type
!=
EVP_PKEY_RSA
)
||
(
pkey
->
pkey
.
rsa
==
NULL
))
{
al
=
SSL_AD_HANDSHAKE_FAILURE
;
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE
,
SSL_R_MISSING_RSA_CERTIFICATE
);
goto
f_err
;
}
rsa
=
pkey
->
pkey
.
rsa
;
pkey
=
s
->
cert
->
pkeys
[
SSL_PKEY_RSA_ENC
].
privatekey
;
if
((
pkey
==
NULL
)
||
(
pkey
->
type
!=
EVP_PKEY_RSA
)
||
(
pkey
->
pkey
.
rsa
==
NULL
))
{
al
=
SSL_AD_HANDSHAKE_FAILURE
;
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE
,
SSL_R_MISSING_RSA_CERTIFICATE
);
goto
f_err
;
}
rsa
=
pkey
->
pkey
.
rsa
;
/* SSLv3 and pre-standard DTLS omit the length bytes. */
if
(
s
->
version
==
SSL3_VERSION
||
s
->
version
==
DTLS1_BAD_VER
)
{
...
...
ssl/t1_enc.c
浏览文件 @
361a1191
...
...
@@ -294,15 +294,12 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km,
int
tls1_change_cipher_state
(
SSL
*
s
,
int
which
)
{
static
const
unsigned
char
empty
[]
=
""
;
unsigned
char
*
p
,
*
mac_secret
;
unsigned
char
*
exp_label
;
unsigned
char
tmp1
[
EVP_MAX_KEY_LENGTH
];
unsigned
char
tmp2
[
EVP_MAX_KEY_LENGTH
];
unsigned
char
iv1
[
EVP_MAX_IV_LENGTH
*
2
];
unsigned
char
iv2
[
EVP_MAX_IV_LENGTH
*
2
];
unsigned
char
*
ms
,
*
key
,
*
iv
;
int
client_write
;
EVP_CIPHER_CTX
*
dd
;
const
EVP_CIPHER
*
c
;
#ifndef OPENSSL_NO_COMP
...
...
@@ -313,10 +310,9 @@ int tls1_change_cipher_state(SSL *s, int which)
int
*
mac_secret_size
;
EVP_MD_CTX
*
mac_ctx
;
EVP_PKEY
*
mac_key
;
int
is_export
,
n
,
i
,
j
,
k
,
exp_label_len
,
cl
;
int
n
,
i
,
j
,
k
,
cl
;
int
reuse_dd
=
0
;
is_export
=
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
);
c
=
s
->
s3
->
tmp
.
new_sym_enc
;
m
=
s
->
s3
->
tmp
.
new_hash
;
mac_type
=
s
->
s3
->
tmp
.
new_mac_pkey_type
;
...
...
@@ -413,8 +409,7 @@ int tls1_change_cipher_state(SSL *s, int which)
i
=
*
mac_secret_size
=
s
->
s3
->
tmp
.
new_mac_secret_size
;
cl
=
EVP_CIPHER_key_length
(
c
);
j
=
is_export
?
(
cl
<
SSL_C_EXPORT_KEYLENGTH
(
s
->
s3
->
tmp
.
new_cipher
)
?
cl
:
SSL_C_EXPORT_KEYLENGTH
(
s
->
s3
->
tmp
.
new_cipher
))
:
cl
;
j
=
cl
;
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
/* If GCM/CCM mode only part of IV comes from PRF */
if
(
EVP_CIPHER_mode
(
c
)
==
EVP_CIPH_GCM_MODE
)
...
...
@@ -431,9 +426,6 @@ int tls1_change_cipher_state(SSL *s, int which)
n
+=
j
+
j
;
iv
=
&
(
p
[
n
]);
n
+=
k
+
k
;
exp_label
=
(
unsigned
char
*
)
TLS_MD_CLIENT_WRITE_KEY_CONST
;
exp_label_len
=
TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE
;
client_write
=
1
;
}
else
{
n
=
i
;
ms
=
&
(
p
[
n
]);
...
...
@@ -442,9 +434,6 @@ int tls1_change_cipher_state(SSL *s, int which)
n
+=
j
+
k
;
iv
=
&
(
p
[
n
]);
n
+=
k
;
exp_label
=
(
unsigned
char
*
)
TLS_MD_SERVER_WRITE_KEY_CONST
;
exp_label_len
=
TLS_MD_SERVER_WRITE_KEY_CONST_SIZE
;
client_write
=
0
;
}
if
(
n
>
s
->
s3
->
tmp
.
key_block_length
)
{
...
...
@@ -473,33 +462,6 @@ int tls1_change_cipher_state(SSL *s, int which)
printf
(
"%02X%c"
,
ms
[
z
],
((
z
+
1
)
%
16
)
?
' '
:
'\n'
);
}
#endif
if
(
is_export
)
{
/*
* In here I set both the read and write key/iv to the same value
* since only the correct one will be used :-).
*/
if
(
!
tls1_PRF
(
s
,
exp_label
,
exp_label_len
,
s
->
s3
->
client_random
,
SSL3_RANDOM_SIZE
,
s
->
s3
->
server_random
,
SSL3_RANDOM_SIZE
,
NULL
,
0
,
NULL
,
0
,
key
,
j
,
tmp1
,
tmp2
,
EVP_CIPHER_key_length
(
c
)))
goto
err2
;
key
=
tmp1
;
if
(
k
>
0
)
{
if
(
!
tls1_PRF
(
s
,
TLS_MD_IV_BLOCK_CONST
,
TLS_MD_IV_BLOCK_CONST_SIZE
,
s
->
s3
->
client_random
,
SSL3_RANDOM_SIZE
,
s
->
s3
->
server_random
,
SSL3_RANDOM_SIZE
,
NULL
,
0
,
NULL
,
0
,
empty
,
0
,
iv1
,
iv2
,
k
*
2
))
goto
err2
;
if
(
client_write
)
iv
=
iv1
;
else
iv
=
&
(
iv1
[
k
]);
}
}
if
(
EVP_CIPHER_mode
(
c
)
==
EVP_CIPH_GCM_MODE
)
{
if
(
!
EVP_CipherInit_ex
(
dd
,
c
,
NULL
,
key
,
NULL
,
(
which
&
SSL3_CC_WRITE
))
...
...
test/ssltest.c
浏览文件 @
361a1191
...
...
@@ -212,10 +212,6 @@
#define COMP_ZLIB 1
static
int
verify_callback
(
int
ok
,
X509_STORE_CTX
*
ctx
);
#ifndef OPENSSL_NO_RSA
static
RSA
*
tmp_rsa_cb
(
SSL
*
s
,
int
is_export
,
int
keylength
);
static
void
free_tmp_rsa
(
void
);
#endif
static
int
app_verify_callback
(
X509_STORE_CTX
*
ctx
,
void
*
arg
);
#define APP_CALLBACK_STRING "Test Callback Argument"
struct
app_verify_arg
{
...
...
@@ -1483,10 +1479,6 @@ int main(int argc, char *argv[])
(
void
)
no_ecdhe
;
#endif
#ifndef OPENSSL_NO_RSA
SSL_CTX_set_tmp_rsa_callback
(
s_ctx
,
tmp_rsa_cb
);
#endif
if
((
!
SSL_CTX_load_verify_locations
(
s_ctx
,
CAfile
,
CApath
))
||
(
!
SSL_CTX_set_default_verify_paths
(
s_ctx
))
||
(
!
SSL_CTX_load_verify_locations
(
c_ctx
,
CAfile
,
CApath
))
||
...
...
@@ -1716,9 +1708,6 @@ int main(int argc, char *argv[])
BIO_free
(
bio_stdout
);
#ifndef OPENSSL_NO_RSA
free_tmp_rsa
();
#endif
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup
();
#endif
...
...
@@ -2834,39 +2823,6 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
return
(
ok
);
}
#ifndef OPENSSL_NO_RSA
static
RSA
*
rsa_tmp
=
NULL
;
static
RSA
*
tmp_rsa_cb
(
SSL
*
s
,
int
is_export
,
int
keylength
)
{
BIGNUM
*
bn
=
NULL
;
if
(
rsa_tmp
==
NULL
)
{
bn
=
BN_new
();
rsa_tmp
=
RSA_new
();
if
(
!
bn
||
!
rsa_tmp
||
!
BN_set_word
(
bn
,
RSA_F4
))
{
BIO_printf
(
bio_err
,
"Memory error..."
);
goto
end
;
}
printf
(
"Generating temp (%d bit) RSA key..."
,
keylength
);
if
(
!
RSA_generate_key_ex
(
rsa_tmp
,
keylength
,
bn
,
NULL
))
{
BIO_printf
(
bio_err
,
"Error generating key."
);
RSA_free
(
rsa_tmp
);
rsa_tmp
=
NULL
;
}
end:
printf
(
"
\n
"
);
}
BN_free
(
bn
);
return
(
rsa_tmp
);
}
static
void
free_tmp_rsa
(
void
)
{
RSA_free
(
rsa_tmp
);
rsa_tmp
=
NULL
;
}
#endif
#ifndef OPENSSL_NO_DH
/*-
* These DH parameters have been generated as follows:
...
...
util/ssleay.num
浏览文件 @
361a1191
...
...
@@ -157,7 +157,7 @@ BIO_new_ssl_connect 174 EXIST::FUNCTION:
SSL_get_ex_data_X509_STORE_CTX_idx 175 EXIST:!VMS:FUNCTION:
SSL_get_ex_d_X509_STORE_CTX_idx 175 EXIST:VMS:FUNCTION:
SSL_CTX_set_tmp_dh_callback 176 EXIST::FUNCTION:DH
SSL_CTX_set_tmp_rsa_callback 177
EXIST::FUNCTION:RSA
SSL_CTX_set_tmp_rsa_callback 177
NOEXIST::FUNCTION:
SSL_CTX_set_timeout 178 EXIST::FUNCTION:
SSL_CTX_get_timeout 179 EXIST::FUNCTION:
SSL_CTX_get_cert_store 180 EXIST::FUNCTION:
...
...
@@ -167,7 +167,7 @@ SSL_library_init 183 EXIST::FUNCTION:
SSL_COMP_add_compression_method 184 EXIST::FUNCTION:
SSL_add_file_cert_subjects_to_stack 185 EXIST:!VMS:FUNCTION:
SSL_add_file_cert_subjs_to_stk 185 EXIST:VMS:FUNCTION:
SSL_set_tmp_rsa_callback 186
EXIST::FUNCTION:RSA
SSL_set_tmp_rsa_callback 186
NOEXIST::FUNCTION:
SSL_set_tmp_dh_callback 187 EXIST::FUNCTION:DH
SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS:FUNCTION:
SSL_add_dir_cert_subjs_to_stk 188 EXIST:VMS:FUNCTION:
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录