[openssl-commits] [openssl] master update
Kurt Roeckx
kurt at openssl.org
Fri Dec 4 21:37:58 UTC 2015
The branch master has been updated
via fe6ef2472db933f01b59cad82aa925736935984b (commit)
via 6977e8ee4a718a76351ba5275a9f0be4e530eab5 (commit)
via 6f78b9e824c053d062188578635c575017b587c5 (commit)
from ad3819c29ed91ee31ebc806939e6104970694811 (commit)
- Log -----------------------------------------------------------------
commit fe6ef2472db933f01b59cad82aa925736935984b
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Fri Dec 4 22:30:36 2015 +0100
Remove SSL_{CTX_}set_ecdh_auto() and always enable ECDH
Reviewed-by: Dr. Stephen Henson <steve at openssl.org>
commit 6977e8ee4a718a76351ba5275a9f0be4e530eab5
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Fri Dec 4 22:25:11 2015 +0100
Make SSL_{CTX}_set_tmp_ecdh() call SSL_{CTX_}set1_curves()
SSL_{CTX}_set_tmp_ecdh() allows to set 1 EC curve and then tries to use it. On
the other hand SSL_{CTX_}set1_curves() allows you to set a list of curves, but
only when SSL_{CTX_}set_ecdh_auto() was called to turn it on.
Reviewed-by: Dr. Stephen Henson <steve at openssl.org>
commit 6f78b9e824c053d062188578635c575017b587c5
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Fri Dec 4 22:22:31 2015 +0100
Remove support for SSL_{CTX_}set_tmp_ecdh_callback().
This only gets used to set a specific curve without actually checking that the
peer supports it or not and can therefor result in handshake failures that can
be avoided by selecting a different cipher.
Reviewed-by: Dr. Stephen Henson <steve at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 13 ++++++
doc/ssl/SSL_CTX_set1_curves.pod | 28 ++-----------
include/openssl/ssl.h | 14 -------
ssl/s3_lib.c | 89 ++++++++++++-----------------------------
ssl/ssl_cert.c | 15 -------
ssl/ssl_ciph.c | 2 -
ssl/ssl_conf.c | 57 ++++++++------------------
ssl/ssl_lib.c | 32 +++------------
ssl/ssl_locl.h | 7 ----
ssl/statem/statem_srvr.c | 33 +++------------
ssl/t1_lib.c | 73 +++++++++++----------------------
util/ssleay.num | 4 +-
12 files changed, 93 insertions(+), 274 deletions(-)
diff --git a/CHANGES b/CHANGES
index 55362fe..c8da88c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -13,6 +13,19 @@
pages. This work was developed in partnership with Intel Corp.
[Matt Caswell]
+ *) SSL_{CTX_}set_ecdh_auto() has been removed and ECDH is support is
+ always enabled now. If you want to disable the support you should
+ exclude it using the list of supported ciphers.
+ [Kurt Roeckx]
+
+ *) SSL_{CTX}_set_tmp_ecdh() which can set 1 EC curve now internally calls
+ SSL_{CTX_}set1_curves() which can set a list.
+ [Kurt Roeckx]
+
+ *) Remove support for SSL_{CTX_}set_tmp_ecdh_callback(). You should set the
+ curve you want to support using SSL_{CTX_}set1_curves().
+ [Kurt Roeckx]
+
*) State machine rewrite. The state machine code has been significantly
refactored in order to remove much duplication of code and solve issues
with the old code (see ssl/statem/README for further details). This change
diff --git a/doc/ssl/SSL_CTX_set1_curves.pod b/doc/ssl/SSL_CTX_set1_curves.pod
index e2d4803..4b6d1af 100644
--- a/doc/ssl/SSL_CTX_set1_curves.pod
+++ b/doc/ssl/SSL_CTX_set1_curves.pod
@@ -3,8 +3,7 @@
=head1 NAME
SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves,
-SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve,
-SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto - EC supported curve functions
+SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve - EC supported curve functions
=head1 SYNOPSIS
@@ -19,9 +18,6 @@ SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto - EC supported curve functions
int SSL_get1_curves(SSL *ssl, int *curves);
int SSL_get_shared_curve(SSL *s, int n);
- int SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int onoff);
- int SSL_set_ecdh_auto(SSL *s, int onoff);
-
=head1 DESCRIPTION
SSL_CTX_set1_curves() sets the supported curves for B<ctx> to B<clistlen>
@@ -52,11 +48,6 @@ most applications will only be interested in the first shared curve
so B<n> is normally set to zero. If the value B<n> is out of range,
NID_undef is returned.
-SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() set automatic curve
-selection for server B<ctx> or B<ssl> to B<onoff>. If B<onoff> is 1 then
-the highest preference curve is automatically used for ECDH temporary
-keys used during key exchange.
-
All these functions are implemented as macros.
=head1 NOTES
@@ -65,23 +56,10 @@ If an application wishes to make use of several of these functions for
configuration purposes either on a command line or in a file it should
consider using the SSL_CONF interface instead of manually parsing options.
-The functions SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() can be used to
-make a server always choose the most appropriate curve for a client. If set
-it will override any temporary ECDH parameters set by a server. Previous
-versions of OpenSSL could effectively only use a single ECDH curve set
-using a function such as SSL_CTX_set_ecdh_tmp(). Newer applications should
-just call:
-
- SSL_CTX_set_ecdh_auto(ctx, 1);
-
-and they will automatically support ECDH using the most appropriate shared
-curve.
-
=head1 RETURN VALUES
-SSL_CTX_set1_curves(), SSL_CTX_set1_curves_list(), SSL_set1_curves(),
-SSL_set1_curves_list(), SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto()
-return 1 for success and 0 for failure.
+SSL_CTX_set1_curves(), SSL_CTX_set1_curves_list(), SSL_set1_curves() and
+SSL_set1_curves_list(), return 1 for success and 0 for failure.
SSL_get1_curves() returns the number of curves, which may be zero.
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 2f3f514..e4a22dc 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1119,7 +1119,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTRL_SET_TMP_ECDH 4
# define SSL_CTRL_SET_TMP_RSA_CB 5
# define SSL_CTRL_SET_TMP_DH_CB 6
-# define SSL_CTRL_SET_TMP_ECDH_CB 7
# define SSL_CTRL_GET_SESSION_REUSED 8
# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
@@ -1203,7 +1202,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTRL_SET_CURVES 91
# define SSL_CTRL_SET_CURVES_LIST 92
# define SSL_CTRL_GET_SHARED_CURVE 93
-# define SSL_CTRL_SET_ECDH_AUTO 94
# define SSL_CTRL_SET_SIGALGS 97
# define SSL_CTRL_SET_SIGALGS_LIST 98
# define SSL_CTRL_CERT_FLAGS 99
@@ -1336,10 +1334,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s)
# define SSL_get_shared_curve(s, n) \
SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL)
-# define SSL_CTX_set_ecdh_auto(ctx, onoff) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
-# define SSL_set_ecdh_auto(s, onoff) \
- SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
# define SSL_CTX_set1_sigalgs_list(ctx, s) \
@@ -1772,14 +1766,6 @@ void SSL_set_tmp_dh_callback(SSL *ssl,
DH *(*dh) (SSL *ssl, int is_export,
int keylength));
# endif
-# ifndef OPENSSL_NO_EC
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
- EC_KEY *(*ecdh) (SSL *ssl, int is_export,
- int keylength));
-void SSL_set_tmp_ecdh_callback(SSL *ssl,
- EC_KEY *(*ecdh) (SSL *ssl, int is_export,
- int keylength));
-# endif
__owur const COMP_METHOD *SSL_get_current_compression(SSL *s);
__owur const COMP_METHOD *SSL_get_current_expansion(SSL *s);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index bf7336c..d89cdfa 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4072,34 +4072,26 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
- EC_KEY *ecdh = NULL;
+ const EC_GROUP *group = NULL;
+ int nid;
if (parg == NULL) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
- return (ret);
- }
- if (!EC_KEY_up_ref((EC_KEY *)parg)) {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
- return (ret);
+ return 0;
}
- ecdh = (EC_KEY *)parg;
- if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
- if (!EC_KEY_generate_key(ecdh)) {
- EC_KEY_free(ecdh);
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
- return (ret);
- }
+ group = EC_KEY_get0_group((const EC_KEY *)parg);
+ if (group == NULL) {
+ SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
+ return 0;
}
- EC_KEY_free(s->cert->ecdh_tmp);
- s->cert->ecdh_tmp = ecdh;
- ret = 1;
+ nid = EC_GROUP_get_curve_name(group);
+ if (nid == NID_undef)
+ return 0;
+ return tls1_set_curves(&s->tlsext_ellipticcurvelist,
+ &s->tlsext_ellipticcurvelist_length,
+ &nid, 1);
}
break;
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (ret);
- }
#endif /* !OPENSSL_NO_EC */
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
@@ -4264,11 +4256,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_GET_SHARED_CURVE:
return tls1_shared_curve(s, larg);
-# ifndef OPENSSL_NO_EC
- case SSL_CTRL_SET_ECDH_AUTO:
- s->cert->ecdh_tmp_auto = larg;
- return 1;
-# endif
#endif
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0);
@@ -4423,13 +4410,6 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
}
break;
#endif
-#ifndef OPENSSL_NO_EC
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
s->tlsext_debug_cb = (void (*)(SSL *, int, int,
unsigned char *, int, void *))fp;
@@ -4534,35 +4514,26 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
- EC_KEY *ecdh = NULL;
+ const EC_GROUP *group = NULL;
+ int nid;
if (parg == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- ecdh = EC_KEY_dup((EC_KEY *)parg);
- if (ecdh == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
+ group = EC_KEY_get0_group((const EC_KEY *)parg);
+ if (group == NULL) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
return 0;
}
- if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
- if (!EC_KEY_generate_key(ecdh)) {
- EC_KEY_free(ecdh);
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
- return 0;
- }
- }
-
- EC_KEY_free(cert->ecdh_tmp);
- cert->ecdh_tmp = ecdh;
- return 1;
+ nid = EC_GROUP_get_curve_name(group);
+ if (nid == NID_undef)
+ return 0;
+ return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
+ &ctx->tlsext_ellipticcurvelist_length,
+ &nid, 1);
}
/* break; */
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (0);
- }
#endif /* !OPENSSL_NO_EC */
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->tlsext_servername_arg = parg;
@@ -4635,9 +4606,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
&ctx->tlsext_ellipticcurvelist_length,
parg);
- case SSL_CTRL_SET_ECDH_AUTO:
- ctx->cert->ecdh_tmp_auto = larg;
- return 1;
#endif
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
@@ -4733,13 +4701,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
}
break;
#endif
-#ifndef OPENSSL_NO_EC
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
break;
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 6f9fcdb..0153b18 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -231,18 +231,6 @@ CERT *ssl_cert_dup(CERT *cert)
ret->dh_tmp_auto = cert->dh_tmp_auto;
#endif
-#ifndef OPENSSL_NO_EC
- if (cert->ecdh_tmp) {
- ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
- if (ret->ecdh_tmp == NULL) {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
- goto err;
- }
- }
- ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
- ret->ecdh_tmp_auto = cert->ecdh_tmp_auto;
-#endif
-
for (i = 0; i < SSL_PKEY_NUM; i++) {
CERT_PKEY *cpk = cert->pkeys + i;
CERT_PKEY *rpk = ret->pkeys + i;
@@ -395,9 +383,6 @@ void ssl_cert_free(CERT *c)
#ifndef OPENSSL_NO_DH
DH_free(c->dh_tmp);
#endif
-#ifndef OPENSSL_NO_EC
- EC_KEY_free(c->ecdh_tmp);
-#endif
ssl_cert_clear_certs(c);
OPENSSL_free(c->conf_sigalgs);
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 58acec4..d2139e1 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1415,8 +1415,6 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
*prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
break;
}
- /* Set auto ECDH parameter determination */
- c->ecdh_tmp_auto = 1;
return 1;
# else
SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index ad20f44..ce52569 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -268,48 +268,23 @@ static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
/* ECDH temporary parameters */
static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
{
- int onoff = -1, rv = 1;
- if (cctx->flags & SSL_CONF_FLAG_FILE) {
- if (*value == '+') {
- onoff = 1;
- value++;
- }
- if (*value == '-') {
- onoff = 0;
- value++;
- }
- if (strcasecmp(value, "automatic") == 0) {
- if (onoff == -1)
- onoff = 1;
- } else if (onoff != -1)
- return 0;
- } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {
- if (strcmp(value, "auto") == 0)
- onoff = 1;
- }
+ int rv = 1;
+ EC_KEY *ecdh;
+ int nid;
- if (onoff != -1) {
- if (cctx->ctx)
- rv = SSL_CTX_set_ecdh_auto(cctx->ctx, onoff);
- else if (cctx->ssl)
- rv = SSL_set_ecdh_auto(cctx->ssl, onoff);
- } else {
- EC_KEY *ecdh;
- int nid;
- nid = EC_curve_nist2nid(value);
- if (nid == NID_undef)
- nid = OBJ_sn2nid(value);
- if (nid == 0)
- return 0;
- ecdh = EC_KEY_new_by_curve_name(nid);
- if (!ecdh)
- return 0;
- if (cctx->ctx)
- rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh);
- else if (cctx->ssl)
- rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh);
- EC_KEY_free(ecdh);
- }
+ nid = EC_curve_nist2nid(value);
+ if (nid == NID_undef)
+ nid = OBJ_sn2nid(value);
+ if (nid == 0)
+ return 0;
+ ecdh = EC_KEY_new_by_curve_name(nid);
+ if (!ecdh)
+ return 0;
+ if (cctx->ctx)
+ rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh);
+ else if (cctx->ssl)
+ rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh);
+ EC_KEY_free(ecdh);
return rv > 0;
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index cac692d..ea2acce 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2010,7 +2010,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
unsigned long mask_k, mask_a, emask_k, emask_a;
#ifndef OPENSSL_NO_EC
int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
- int have_ecdh_tmp, ecdh_ok;
+ int ecdh_ok;
X509 *x = NULL;
EVP_PKEY *ecc_pkey = NULL;
int pk_nid = 0, md_nid = 0;
@@ -2036,9 +2036,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
dh_tmp = dh_tmp_export = 0;
#endif
-#ifndef OPENSSL_NO_EC
- have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto);
-#endif
cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
rsa_enc = pvalid[SSL_PKEY_RSA_ENC] & CERT_PKEY_VALID;
rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
@@ -2063,8 +2060,8 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
#ifdef CIPHER_DEBUG
fprintf(stderr,
- "rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
- rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, rsa_enc,
+ "rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+ rsa_tmp, rsa_tmp_export, dh_tmp, rsa_enc,
rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
#endif
@@ -2169,10 +2166,8 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
#endif
#ifndef OPENSSL_NO_EC
- if (have_ecdh_tmp) {
- mask_k |= SSL_kECDHE;
- emask_k |= SSL_kECDHE;
- }
+ mask_k |= SSL_kECDHE;
+ emask_k |= SSL_kECDHE;
#endif
#ifndef OPENSSL_NO_PSK
@@ -3142,23 +3137,6 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
}
#endif
-#ifndef OPENSSL_NO_EC
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
- EC_KEY *(*ecdh) (SSL *ssl, int is_export,
- int keylength))
-{
- SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
- (void (*)(void))ecdh);
-}
-
-void SSL_set_tmp_ecdh_callback(SSL *ssl,
- EC_KEY *(*ecdh) (SSL *ssl, int is_export,
- int keylength))
-{
- SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB, (void (*)(void))ecdh);
-}
-#endif
-
#ifndef OPENSSL_NO_PSK
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
{
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index b4c6244..c1ae1c0 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1568,13 +1568,6 @@ typedef struct cert_st {
DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
int dh_tmp_auto;
# endif
-# ifndef OPENSSL_NO_EC
- EC_KEY *ecdh_tmp;
- /* Callback for generating ephemeral ECDH keys */
- EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize);
- /* Select ECDH parameters automatically */
- int ecdh_tmp_auto;
-# endif
/* Flags related to certificates */
uint32_t cert_flags;
CERT_PKEY pkeys[SSL_PKEY_NUM];
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index bdeaf7e..d4668b2 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1730,7 +1730,6 @@ int tls_construct_server_key_exchange(SSL *s)
DH *dh = NULL, *dhp;
#endif
#ifndef OPENSSL_NO_EC
- EC_KEY *ecdh = NULL, *ecdhp;
unsigned char *encodedPoint = NULL;
int encodedlen = 0;
int curve_id = 0;
@@ -1867,21 +1866,13 @@ int tls_construct_server_key_exchange(SSL *s)
#ifndef OPENSSL_NO_EC
if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
const EC_GROUP *group;
+ EC_KEY *ecdh = NULL;
- ecdhp = cert->ecdh_tmp;
- if (s->cert->ecdh_tmp_auto) {
- /* Get NID of appropriate shared curve */
- int nid = tls1_shared_curve(s, -2);
- if (nid != NID_undef)
- ecdhp = EC_KEY_new_by_curve_name(nid);
- } else if ((ecdhp == NULL) && s->cert->ecdh_tmp_cb) {
- ecdhp = s->cert->ecdh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->
- tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->
- s3->tmp.new_cipher));
- }
- if (ecdhp == NULL) {
+ /* Get NID of appropriate shared curve */
+ int nid = tls1_shared_curve(s, -2);
+ if (nid != NID_undef)
+ ecdh = EC_KEY_new_by_curve_name(nid);
+ if (ecdh == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
SSL_R_MISSING_TMP_ECDH_KEY);
@@ -1894,18 +1885,6 @@ int tls_construct_server_key_exchange(SSL *s)
goto err;
}
- /* Duplicate the ECDH structure. */
- if (ecdhp == NULL) {
- SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
- goto err;
- }
- if (s->cert->ecdh_tmp_auto)
- ecdh = ecdhp;
- else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
- SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
- goto err;
- }
-
s->s3->tmp.ecdh = ecdh;
if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
(EC_KEY_get0_private_key(ecdh) == NULL) ||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 02ad438..971aad3 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -259,8 +259,8 @@ static const unsigned char ecformats_default[] = {
TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
};
-/* The client's default curves / the server's 'auto' curves. */
-static const unsigned char eccurves_auto[] = {
+/* The default curves */
+static const unsigned char eccurves_default[] = {
/* Prefer P-256 which has the fastest and most secure implementations. */
0, 23, /* secp256r1 (23) */
/* Other >= 256-bit prime curves. */
@@ -438,13 +438,8 @@ static int tls1_get_curvelist(SSL *s, int sess,
pcurveslen = s->tlsext_ellipticcurvelist_length;
}
if (!*pcurves) {
- if (!s->server || s->cert->ecdh_tmp_auto) {
- *pcurves = eccurves_auto;
- pcurveslen = sizeof(eccurves_auto);
- } else {
- *pcurves = eccurves_all;
- pcurveslen = sizeof(eccurves_all);
- }
+ *pcurves = eccurves_default;
+ pcurveslen = sizeof(eccurves_default);
}
}
@@ -507,8 +502,9 @@ int tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
}
/*-
- * Return |nmatch|th shared curve or NID_undef if there is no match.
- * For nmatch == -1, return number of matches
+ * For nmatch >= 0, return the NID of the |nmatch|th shared curve or NID_undef
+ * if there is no match.
+ * For nmatch == -1, return number of matches
* For nmatch == -2, return the NID of the curve to use for
* an EC tmp key, or NID_undef if there is no match.
*/
@@ -842,11 +838,18 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
}
# ifndef OPENSSL_NO_EC
-/* Check EC temporary key is compatible with client extensions */
+/*
+ * tls1_check_ec_tmp_key - Check EC temporary key compatiblity
+ * @s: SSL connection
+ * @cid: Cipher ID we're considering using
+ *
+ * Checks that the kECDHE cipher suite we're considering using
+ * is compatible with the client extensions.
+ *
+ * Returns 0 when the cipher can't be used or 1 when it can.
+ */
int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
{
- unsigned char curve_id[2];
- EC_KEY *ec = s->cert->ecdh_tmp;
# ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
/* Allow any curve: not just those peer supports */
if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
@@ -857,6 +860,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
* curves permitted.
*/
if (tls1_suiteb(s)) {
+ unsigned char curve_id[2];
/* Curve to check determined by ciphersuite */
if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
curve_id[1] = TLSEXT_curve_P_256;
@@ -868,43 +872,12 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
/* Check this curve is acceptable */
if (!tls1_check_ec_key(s, curve_id, NULL))
return 0;
- /* If auto or setting curve from callback assume OK */
- if (s->cert->ecdh_tmp_auto || s->cert->ecdh_tmp_cb)
- return 1;
- /* Otherwise check curve is acceptable */
- else {
- unsigned char curve_tmp[2];
- if (!ec)
- return 0;
- if (!tls1_set_ec_id(curve_tmp, NULL, ec))
- return 0;
- if (!curve_tmp[0] || curve_tmp[1] == curve_id[1])
- return 1;
- return 0;
- }
-
- }
- if (s->cert->ecdh_tmp_auto) {
- /* Need a shared curve */
- if (tls1_shared_curve(s, 0))
- return 1;
- else
- return 0;
- }
- if (!ec) {
- if (s->cert->ecdh_tmp_cb)
- return 1;
- else
- return 0;
+ return 1;
}
- if (!tls1_set_ec_id(curve_id, NULL, ec))
- return 0;
-/* Set this to allow use of invalid curves for testing */
-# if 0
- return 1;
-# else
- return tls1_check_ec_key(s, curve_id, NULL);
-# endif
+ /* Need a shared curve */
+ if (tls1_shared_curve(s, 0))
+ return 1;
+ return 0;
}
# endif /* OPENSSL_NO_EC */
diff --git a/util/ssleay.num b/util/ssleay.num
index f737aac..1d23afb 100755
--- a/util/ssleay.num
+++ b/util/ssleay.num
@@ -217,8 +217,8 @@ SSL_renegotiate_pending 265 EXIST::FUNCTION:
SSL_CTX_set_msg_callback 266 EXIST::FUNCTION:
SSL_set_msg_callback 267 EXIST::FUNCTION:
DTLSv1_client_method 268 EXIST::FUNCTION:
-SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:EC
-SSL_set_tmp_ecdh_callback 270 EXIST::FUNCTION:EC
+SSL_CTX_set_tmp_ecdh_callback 269 NOEXIST::FUNCTION:
+SSL_set_tmp_ecdh_callback 270 NOEXIST::FUNCTION:
SSL_COMP_get_name 271 EXIST::FUNCTION:
SSL_get_current_compression 272 EXIST::FUNCTION:
DTLSv1_method 273 EXIST::FUNCTION:
More information about the openssl-commits
mailing list