提交 e11f0de6 编写于 作者: B Bodo Möller

Copy DH key (if available) in addition to the bare parameters

in SSL_new.
If SSL_OP_SINGLE_DH_USE is set, don't waste time in SSL_[CTX_]set_tmp_dh
on computing a DH key that will be ignored anyway.

ssltest -dhe1024dsa (w/ 160-bit sub-prime) had an unfair performance
advantage over -dhe1024 (safe prime): SSL_OP_SINGLE_DH_USE was
effectively always enabled because SSL_new ignored the DH key set in
the SSL_CTX.  Now -dhe1024 takes the server only about twice as long
as -dhe1024dsa instead of three times as long (for 1024 bit RSA
with 1024 bit DH).
上级 563f1503
...@@ -4,6 +4,15 @@ ...@@ -4,6 +4,15 @@
Changes between 0.9.5 and 0.9.5a [XX XXX 2000] Changes between 0.9.5 and 0.9.5a [XX XXX 2000]
*) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
is set; it will be thrown away anyway because each handshake creates
its own key.
ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
to parameters -- in previous versions (since OpenSSL 0.9.3) the
'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining
you effectivly got SSL_OP_SINGLE_DH_USE when using this macro.
[Bodo Moeller]
*) New s_client option -ign_eof: EOF at stdin is ignored, and *) New s_client option -ign_eof: EOF at stdin is ignored, and
'Q' and 'R' lose their special meanings (quit/renegotiate). 'Q' and 'R' lose their special meanings (quit/renegotiate).
This is part of what -quiet does; unlike -quiet, -ign_eof This is part of what -quiet does; unlike -quiet, -ign_eof
......
...@@ -771,14 +771,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg) ...@@ -771,14 +771,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
case SSL_CTRL_SET_TMP_RSA: case SSL_CTRL_SET_TMP_RSA:
{ {
RSA *rsa = (RSA *)parg; RSA *rsa = (RSA *)parg;
if (rsa == NULL) { if (rsa == NULL)
{
SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return(ret); return(ret);
} }
if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) { if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
{
SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
return(ret); return(ret);
} }
if (s->cert->rsa_tmp != NULL) if (s->cert->rsa_tmp != NULL)
RSA_free(s->cert->rsa_tmp); RSA_free(s->cert->rsa_tmp);
s->cert->rsa_tmp = rsa; s->cert->rsa_tmp = rsa;
...@@ -796,19 +798,25 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg) ...@@ -796,19 +798,25 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
case SSL_CTRL_SET_TMP_DH: case SSL_CTRL_SET_TMP_DH:
{ {
DH *dh = (DH *)parg; DH *dh = (DH *)parg;
if (dh == NULL) { if (dh == NULL)
{
SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return(ret); return(ret);
} }
if ((dh = DHparams_dup(dh)) == NULL) { if ((dh = DHparams_dup(dh)) == NULL)
SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); {
return(ret);
}
if (!DH_generate_key(dh)) {
DH_free(dh);
SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
return(ret); return(ret);
} }
if (!(s->options & SSL_OP_SINGLE_DH_USE))
{
if (!DH_generate_key(dh))
{
DH_free(dh);
SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
return(ret);
}
}
if (s->cert->dh_tmp != NULL) if (s->cert->dh_tmp != NULL)
DH_free(s->cert->dh_tmp); DH_free(s->cert->dh_tmp);
s->cert->dh_tmp = dh; s->cert->dh_tmp = dh;
...@@ -843,7 +851,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)()) ...@@ -843,7 +851,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
0) 0)
{ {
if (!ssl_cert_inst(&s->cert)) if (!ssl_cert_inst(&s->cert))
{ {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
return(0); return(0);
} }
...@@ -929,23 +937,26 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg) ...@@ -929,23 +937,26 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
case SSL_CTRL_SET_TMP_DH: case SSL_CTRL_SET_TMP_DH:
{ {
DH *new=NULL,*dh; DH *new=NULL,*dh;
int rret=0;
dh=(DH *)parg; dh=(DH *)parg;
if ( ((new=DHparams_dup(dh)) == NULL) || if ((new=DHparams_dup(dh)) == NULL)
(!DH_generate_key(new)))
{ {
SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
if (new != NULL) DH_free(new); return 0;
} }
else if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
{ {
if (cert->dh_tmp != NULL) if (!DH_generate_key(new))
DH_free(cert->dh_tmp); {
cert->dh_tmp=new; SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
rret=1; DH_free(new);
return 0;
}
} }
return(rret); if (cert->dh_tmp != NULL)
DH_free(cert->dh_tmp);
cert->dh_tmp=new;
return 1;
} }
/*break; */ /*break; */
case SSL_CTRL_SET_TMP_DH_CB: case SSL_CTRL_SET_TMP_DH_CB:
......
...@@ -191,16 +191,33 @@ CERT *ssl_cert_dup(CERT *cert) ...@@ -191,16 +191,33 @@ CERT *ssl_cert_dup(CERT *cert)
#ifndef NO_DH #ifndef NO_DH
if (cert->dh_tmp != NULL) if (cert->dh_tmp != NULL)
{ {
/* DH parameters don't have a reference count (and cannot /* DH parameters don't have a reference count */
* reasonably be shared anyway, as the secret exponent may
* be created just when it is needed -- earlier library
* versions did not pay attention to this) */
ret->dh_tmp = DHparams_dup(cert->dh_tmp); ret->dh_tmp = DHparams_dup(cert->dh_tmp);
if (ret->dh_tmp == NULL) if (ret->dh_tmp == NULL)
{ {
SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_DH_LIB); SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_DH_LIB);
goto err; goto err;
} }
if (cert->dh_tmp->priv_key)
{
BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
if (!b)
{
SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_BN_LIB);
goto err;
}
ret->dh_tmp->priv_key = b;
}
if (cert->dh_tmp->pub_key)
{
BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
if (!b)
{
SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_BN_LIB);
goto err;
}
ret->dh_tmp->pub_key = b;
}
} }
ret->dh_tmp_cb = cert->dh_tmp_cb; ret->dh_tmp_cb = cert->dh_tmp_cb;
#endif #endif
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册