提交 e2b420fd 编写于 作者: D Dr. Stephen Henson

Server side EVP_PKEY DH support

Reviewed-by: NMatt Caswell <matt@openssl.org>
上级 6c4e6670
......@@ -1836,7 +1836,7 @@ __owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
/* Sanity check of curve server selects */
# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE)
/* Temporary DH key */
# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_DH)
# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY)
/* SSL/TLS version */
# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE)
/* Session tickets */
......
......@@ -3488,21 +3488,24 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_SET_TMP_DH:
{
DH *dh = (DH *)parg;
EVP_PKEY *pkdh = NULL;
if (dh == NULL) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return (ret);
}
pkdh = ssl_dh_to_pkey(dh);
if (pkdh == NULL) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!ssl_security(s, SSL_SECOP_TMP_DH,
DH_security_bits(dh), 0, dh)) {
EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
return (ret);
EVP_PKEY_free(pkdh);
return ret;
}
if ((dh = DHparams_dup(dh)) == NULL) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
return (ret);
}
DH_free(s->cert->dh_tmp);
s->cert->dh_tmp = dh;
EVP_PKEY_free(s->cert->dh_tmp);
s->cert->dh_tmp = pkdh;
ret = 1;
}
break;
......@@ -3851,27 +3854,25 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
DH *new = NULL, *dh;
CERT *cert;
cert = ctx->cert;
dh = (DH *)parg;
if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
DH_security_bits(dh), 0, dh)) {
SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
DH *dh = (DH *)parg;
EVP_PKEY *pkdh = NULL;
if (dh == NULL) {
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if ((new = DHparams_dup(dh)) == NULL) {
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
pkdh = ssl_dh_to_pkey(dh);
if (pkdh == NULL) {
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!DH_generate_key(new)) {
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
DH_free(new);
return 0;
if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
EVP_PKEY_free(pkdh);
return 1;
}
DH_free(cert->dh_tmp);
cert->dh_tmp = new;
EVP_PKEY_free(ctx->cert->dh_tmp);
ctx->cert->dh_tmp = pkdh;
return 1;
}
/*
......
......@@ -197,27 +197,8 @@ CERT *ssl_cert_dup(CERT *cert)
#ifndef OPENSSL_NO_DH
if (cert->dh_tmp != NULL) {
ret->dh_tmp = DHparams_dup(cert->dh_tmp);
if (ret->dh_tmp == NULL) {
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
goto err;
}
if (cert->dh_tmp->priv_key) {
BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
if (!b) {
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
goto err;
}
ret->dh_tmp->priv_key = b;
}
if (cert->dh_tmp->pub_key) {
BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
if (!b) {
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
goto err;
}
ret->dh_tmp->pub_key = b;
}
ret->dh_tmp = cert->dh_tmp;
EVP_PKEY_up_ref(ret->dh_tmp);
}
ret->dh_tmp_cb = cert->dh_tmp_cb;
ret->dh_tmp_auto = cert->dh_tmp_auto;
......@@ -370,7 +351,7 @@ void ssl_cert_free(CERT *c)
#endif
#ifndef OPENSSL_NO_DH
DH_free(c->dh_tmp);
EVP_PKEY_free(c->dh_tmp);
#endif
ssl_cert_clear_certs(c);
......
......@@ -1489,7 +1489,7 @@ typedef struct cert_st {
*/
CERT_PKEY *key;
# ifndef OPENSSL_NO_DH
DH *dh_tmp;
EVP_PKEY *dh_tmp;
DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
int dh_tmp_auto;
# endif
......
......@@ -1714,7 +1714,7 @@ int tls_construct_server_done(SSL *s)
int tls_construct_server_key_exchange(SSL *s)
{
#ifndef OPENSSL_NO_DH
DH *dh = NULL, *dhp;
EVP_PKEY *pkdh = NULL;
#endif
#ifndef OPENSSL_NO_EC
unsigned char *encodedPoint = NULL;
......@@ -1761,49 +1761,66 @@ int tls_construct_server_key_exchange(SSL *s)
if (type & (SSL_kDHE | SSL_kDHEPSK)) {
CERT *cert = s->cert;
EVP_PKEY *pkdhp = NULL;
DH *dh;
if (s->cert->dh_tmp_auto) {
dhp = ssl_get_auto_dh(s);
if (dhp == NULL) {
DH *dhp = ssl_get_auto_dh(s);
pkdh = EVP_PKEY_new();
if (pkdh == NULL || dhp == NULL) {
DH_free(dhp);
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto f_err;
}
} else
dhp = cert->dh_tmp;
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
dhp = s->cert->dh_tmp_cb(s, 0, 1024);
if (dhp == NULL) {
EVP_PKEY_assign_DH(pkdh, dhp);
pkdhp = pkdh;
} else {
pkdhp = cert->dh_tmp;
}
if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) {
DH *dhp = s->cert->dh_tmp_cb(s, 0, 1024);
pkdh = ssl_dh_to_pkey(dhp);
if (pkdh == NULL) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto f_err;
}
pkdhp = pkdh;
}
if (pkdhp == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
SSL_R_MISSING_TMP_DH_KEY);
goto f_err;
}
if (!ssl_security(s, SSL_SECOP_TMP_DH,
DH_security_bits(dhp), 0, dhp)) {
EVP_PKEY_security_bits(pkdhp), 0, pkdhp)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
SSL_R_DH_KEY_TOO_SMALL);
goto f_err;
}
if (s->s3->tmp.dh != NULL) {
if (s->s3->tmp.pkey != NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
}
if (s->cert->dh_tmp_auto)
dh = dhp;
else if ((dh = DHparams_dup(dhp)) == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
goto err;
}
s->s3->tmp.pkey = ssl_generate_pkey(pkdhp, NID_undef);
s->s3->tmp.dh = dh;
if (!DH_generate_key(dh)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
if (s->s3->tmp.pkey == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);
goto err;
}
dh = EVP_PKEY_get0_DH(s->s3->tmp.pkey);
EVP_PKEY_free(pkdh);
pkdh = NULL;
r[0] = dh->p;
r[1] = dh->g;
r[2] = dh->pub_key;
......@@ -2018,6 +2035,9 @@ int tls_construct_server_key_exchange(SSL *s)
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
#ifndef OPENSSL_NO_DH
EVP_PKEY_free(pkdh);
#endif
#ifndef OPENSSL_NO_EC
OPENSSL_free(encodedPoint);
#endif
......@@ -2107,10 +2127,6 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
#endif
#ifndef OPENSSL_NO_DH
BIGNUM *pub = NULL;
DH *dh_srvr;
#endif
#ifndef OPENSSL_NO_EC
EVP_PKEY *ckey = NULL;
#endif
......@@ -2334,7 +2350,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
#endif
#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
unsigned char shared[(OPENSSL_DH_MAX_MODULUS_BITS + 7) / 8];
EVP_PKEY *skey = NULL;
DH *cdh;
if (!PACKET_get_net_2(pkt, &i)) {
if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
......@@ -2350,13 +2367,13 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
goto err;
}
if (s->s3->tmp.dh == NULL) {
skey = s->s3->tmp.pkey;
if (skey == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_MISSING_TMP_DH_KEY);
goto f_err;
} else
dh_srvr = s->s3->tmp.dh;
}
if (PACKET_remaining(pkt) == 0L) {
al = SSL_AD_HANDSHAKE_FAILURE;
......@@ -2371,29 +2388,27 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
ERR_R_INTERNAL_ERROR);
goto f_err;
}
pub = BN_bin2bn(data, i, NULL);
if (pub == NULL) {
ckey = EVP_PKEY_new();
if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
goto err;
}
i = DH_compute_key(shared, pub, dh_srvr);
if (i <= 0) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
BN_clear_free(pub);
cdh = EVP_PKEY_get0_DH(ckey);
cdh->pub_key = BN_bin2bn(data, i, NULL);
if (cdh->pub_key == NULL) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
goto err;
}
DH_free(s->s3->tmp.dh);
s->s3->tmp.dh = NULL;
BN_clear_free(pub);
pub = NULL;
if (!ssl_generate_master_secret(s, shared, i, 0)) {
if (ssl_derive(s, skey, ckey) == 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
}
EVP_PKEY_free(ckey);
ckey = NULL;
} else
#endif
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册