Really remove DHE ciphersuites from TLS.
This follows up on cedc6f18 by removing support for the
-DBORINGSSL_ENABLE_DHE_TLS compile flag, and the code needed to
support it.
Change-Id: I53b6aa7a0eddd23ace8b770edb2a31b18ba2ce26
Reviewed-on: https://boringssl-review.googlesource.com/14886
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index e649680..0629078 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -156,7 +156,6 @@
#include <openssl/bn.h>
#include <openssl/buf.h>
#include <openssl/bytestring.h>
-#include <openssl/dh.h>
#include <openssl/ec_key.h>
#include <openssl/ecdsa.h>
#include <openssl/err.h>
@@ -1133,7 +1132,6 @@
static int ssl3_get_server_key_exchange(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
int al;
- DH *dh = NULL;
EC_KEY *ecdh = NULL;
EC_POINT *srvr_ecpoint = NULL;
@@ -1204,50 +1202,7 @@
}
}
- if (alg_k & SSL_kDHE) {
- CBS dh_p, dh_g, dh_Ys;
- if (!CBS_get_u16_length_prefixed(&server_key_exchange, &dh_p) ||
- CBS_len(&dh_p) == 0 ||
- !CBS_get_u16_length_prefixed(&server_key_exchange, &dh_g) ||
- CBS_len(&dh_g) == 0 ||
- !CBS_get_u16_length_prefixed(&server_key_exchange, &dh_Ys) ||
- CBS_len(&dh_Ys) == 0) {
- al = SSL_AD_DECODE_ERROR;
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- goto f_err;
- }
-
- dh = DH_new();
- if (dh == NULL) {
- goto err;
- }
-
- dh->p = BN_bin2bn(CBS_data(&dh_p), CBS_len(&dh_p), NULL);
- dh->g = BN_bin2bn(CBS_data(&dh_g), CBS_len(&dh_g), NULL);
- if (dh->p == NULL || dh->g == NULL) {
- goto err;
- }
-
- unsigned bits = DH_num_bits(dh);
- if (bits < 1024) {
- OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_DH_P_LENGTH);
- goto err;
- } else if (bits > 4096) {
- /* Overly large DHE groups are prohibitively expensive, so enforce a limit
- * to prevent a server from causing us to perform too expensive of a
- * computation. */
- OPENSSL_PUT_ERROR(SSL, SSL_R_DH_P_TOO_LONG);
- goto err;
- }
-
- SSL_ECDH_CTX_init_for_dhe(&hs->ecdh_ctx, dh);
- dh = NULL;
-
- /* Save the peer public key for later. */
- if (!CBS_stow(&dh_Ys, &hs->peer_key, &hs->peer_key_len)) {
- goto err;
- }
- } else if (alg_k & SSL_kECDHE) {
+ if (alg_k & SSL_kECDHE) {
/* Parse the server parameters. */
uint8_t group_type;
uint16_t group_id;
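Review bot: With the `SSL_kDHE` branch removed, rejecting a ServerKeyExchange for a suite that is neither ECDHE nor PSK now depends entirely on the tail of this `if` chain, which lies outside the hunk; the same holds for the narrowed `alg_k & SSL_kECDHE` test in the ClientKeyExchange hunk further down. It is worth confirming that both chains end in an explicit error path rather than continuing with `hs->peer_key` unset, and that no DHE suite remains in the cipher table, so `alg_k` can never carry `SSL_kDHE` here. A short comment above the new condition would record that invariant, e.g. `/* DHE suites are no longer negotiable; only ECDHE parameters are parsed below. */`. The deleted block also held the only 1024–4096-bit bound on the server's DH prime, so any later reintroduction of finite-field DH would need an equivalent check.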
@@ -1363,7 +1318,6 @@
f_err:
ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
err:
- DH_free(dh);
EC_POINT_free(srvr_ecpoint);
EC_KEY_free(ecdh);
return -1;
@@ -1590,10 +1544,10 @@
!CBB_flush(&body)) {
goto err;
}
- } else if (alg_k & (SSL_kECDHE|SSL_kDHE)) {
+ } else if (alg_k & SSL_kECDHE) {
/* Generate a keypair and serialize the public half. */
CBB child;
- if (!SSL_ECDH_CTX_add_key(&hs->ecdh_ctx, &body, &child)) {
+ if (!CBB_add_u8_length_prefixed(&body, &child)) {
goto err;
}
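Review bot: The one-byte length prefix is now hard-coded at `CBB_add_u8_length_prefixed(&body, &child)`, and nothing at the call site says why a u8 is the right width. The removed `SSL_ECDH_CTX_add_key` call presumably chose the prefix per key-exchange method. I would add a comment above the call such as `/* The ECDHE public key (ECPoint) is serialized with a one-byte length prefix. */`. The rest of this branch, where the public key is written into `child` and the CBB is flushed, is outside the hunk, so the handling of an over-long point cannot be checked from here.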