Remove ECDH_RSA, ECDH_ECDSA, DH_RSA, and DH_DSS.

These are the static (EC)DH variants, where the server's certificate carries a
Diffie-Hellman public key signed by the CA instead of a signing key. They are
not supported by Chrome on NSS.

Change-Id: I569a7ac58454bd3ed1cd5292d1f98499012cdf01
Reviewed-on: https://boringssl-review.googlesource.com/1564
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 40a1f63..a7287dd 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -195,20 +195,12 @@
 #define	SSL_TXT_aNULL		"aNULL"
 
 #define SSL_TXT_kRSA		"kRSA"
-#define SSL_TXT_kDHr		"kDHr" 
-#define SSL_TXT_kDHd		"kDHd"
-#define SSL_TXT_kDH 		"kDH"
 #define SSL_TXT_kEDH		"kEDH"
-#define SSL_TXT_kECDHr		"kECDHr"
-#define SSL_TXT_kECDHe		"kECDHe"
-#define SSL_TXT_kECDH		"kECDH"
 #define SSL_TXT_kEECDH		"kEECDH"
 #define SSL_TXT_kPSK            "kPSK"
 
 #define	SSL_TXT_aRSA		"aRSA"
 #define	SSL_TXT_aDSS		"aDSS"
-#define	SSL_TXT_aDH		"aDH"
-#define	SSL_TXT_aECDH		"aECDH"
 #define SSL_TXT_aECDSA		"aECDSA"
 #define SSL_TXT_aPSK            "aPSK"
 
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 253cf81..950b861 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1374,12 +1374,6 @@
 		s->session->sess_cert->peer_dh_tmp=dh;
 		dh=NULL;
 		}
-	else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd))
-		{
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		OPENSSL_PUT_ERROR(SSL, ssl3_get_server_key_exchange, SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
-		goto f_err;
-		}
 #endif /* !OPENSSL_NO_DH */
 
 #ifndef OPENSSL_NO_ECDH
@@ -2074,7 +2068,7 @@
 			OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
 			}
 #ifndef OPENSSL_NO_DH
-		else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+		else if (alg_k & SSL_kEDH)
 			{
 			DH *dh_srvr,*dh_clnt;
 			SESS_CERT *scert = s->session->sess_cert;
@@ -2086,28 +2080,13 @@
 				goto err;
 				}
 
-			if (scert->peer_dh_tmp != NULL)
-				dh_srvr=scert->peer_dh_tmp;
-			else
+			if (scert->peer_dh_tmp == NULL)
 				{
-				/* we get them from the cert */
-				int idx = scert->peer_cert_type;
-				EVP_PKEY *spkey = NULL;
-				dh_srvr = NULL;
-				if (idx >= 0)
-					spkey = X509_get_pubkey(
-						scert->peer_pkeys[idx].x509);
-				if (spkey)
-					{
-					dh_srvr = EVP_PKEY_get1_DH(spkey);
-					EVP_PKEY_free(spkey);
-					}
-				if (dh_srvr == NULL)
-					{
-					OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, ERR_R_INTERNAL_ERROR);
-					goto err;
-					}
+				OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, ERR_R_INTERNAL_ERROR);
+				goto err;
 				}
+			dh_srvr=scert->peer_dh_tmp;
+
 			/* generate a new random key */
 			if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
 				{
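Review bot: The new `scert->peer_dh_tmp == NULL` check reports `ERR_R_INTERNAL_ERROR` and leaves via `err` with no alert, so a reader cannot tell whether it guards against a misbehaving server or an internal invariant. It appears to be the latter: `peer_dh_tmp` is filled in by ssl3_get_server_key_exchange, and ssl3_check_cert_and_algorithm (later in this diff) already rejects a DHE suite that arrived without a DH key as `SSL_R_MISSING_DH_KEY`, so by the time ClientKeyExchange is built the pointer should always be set. A one-line comment above the check would save the next reader that search, e.g. `/* peer_dh_tmp is set by ssl3_get_server_key_exchange and enforced by ssl3_check_cert_and_algorithm; NULL here is a logic error, not a peer error. */`. The enclosing ssl3_send_client_key_exchange starts and ends outside this hunk.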
@@ -2125,9 +2104,6 @@
 			 * make sure to clear it out afterwards */
 
 			n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
-			if (scert->peer_dh_tmp == NULL)
-				DH_free(dh_srvr);
-
 			if (n <= 0)
 				{
 				OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, ERR_R_DH_LIB);
@@ -2155,7 +2131,7 @@
 #endif
 
 #ifndef OPENSSL_NO_ECDH
-		else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
+		else if (alg_k & SSL_kEECDH)
 			{
 			const EC_GROUP *srvr_group = NULL;
 			EC_KEY *tkey;
@@ -2172,25 +2148,12 @@
 				goto err;
 				}
 
-			if (s->session->sess_cert->peer_ecdh_tmp != NULL)
+			if (s->session->sess_cert->peer_ecdh_tmp == NULL)
 				{
-				tkey = s->session->sess_cert->peer_ecdh_tmp;
+				OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, ERR_R_INTERNAL_ERROR);
+				goto err;
 				}
-			else
-				{
-				/* Get the Server Public Key from Cert */
-				srvr_pub_pkey = X509_get_pubkey(s->session-> \
-				    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
-				if ((srvr_pub_pkey == NULL) ||
-				    (srvr_pub_pkey->type != EVP_PKEY_EC) ||
-				    (srvr_pub_pkey->pkey.ec == NULL))
-					{
-					OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, ERR_R_INTERNAL_ERROR);
-					goto err;
-					}
-
-				tkey = srvr_pub_pkey->pkey.ec;
-				}
+			tkey = s->session->sess_cert->peer_ecdh_tmp;
 
 			srvr_group   = EC_KEY_get0_group(tkey);
 			srvr_ecpoint = EC_KEY_get0_public_key(tkey);
@@ -2624,11 +2587,6 @@
 		OPENSSL_PUT_ERROR(SSL, ssl3_check_cert_and_algorithm, SSL_R_MISSING_ECDSA_SIGNING_CERT);
 		goto f_err;
 		}
-	else if (alg_k & (SSL_kECDHr|SSL_kECDHe))
-		{
-		OPENSSL_PUT_ERROR(SSL, ssl3_check_cert_and_algorithm, SSL_R_MISSING_ECDH_CERT);
-		goto f_err;
-		}
 #endif
 	pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
 	i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
@@ -2661,20 +2619,6 @@
 		OPENSSL_PUT_ERROR(SSL, ssl3_check_cert_and_algorithm, SSL_R_MISSING_DH_KEY);
 		goto f_err;
 		}
-	else if ((alg_k & SSL_kDHr) && !SSL_USE_SIGALGS(s) &&
-		!has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
-		{
-		OPENSSL_PUT_ERROR(SSL, ssl3_check_cert_and_algorithm, SSL_R_MISSING_DH_RSA_CERT);
-		goto f_err;
-		}
-#ifndef OPENSSL_NO_DSA
-	else if ((alg_k & SSL_kDHd) && !SSL_USE_SIGALGS(s) &&
-		!has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
-		{
-		OPENSSL_PUT_ERROR(SSL, ssl3_check_cert_and_algorithm, SSL_R_MISSING_DH_DSA_CERT);
-		goto f_err;
-		}
-#endif
 #endif
 
 	return(1);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c151a8b..aa685e2 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -250,36 +250,6 @@
 	128,
 	128,
 	},
-/* Cipher 30 */
-	{
-	1,
-	TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
-	TLS1_CK_DH_DSS_WITH_AES_128_SHA,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-/* Cipher 31 */
-	{
-	1,
-	TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
-	TLS1_CK_DH_RSA_WITH_AES_128_SHA,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
 /* Cipher 32 */
 	{
 	1,
@@ -341,37 +311,6 @@
 	256,
 	256,
 	},
-/* Cipher 36 */
-	{
-	1,
-	TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
-	TLS1_CK_DH_DSS_WITH_AES_256_SHA,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-/* Cipher 37 */
-	{
-	1,
-	TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
-	TLS1_CK_DH_RSA_WITH_AES_256_SHA,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
 
 /* Cipher 38 */
 	{
@@ -454,38 +393,6 @@
 	256,
 	},
 
-	/* Cipher 3E */
-	{
-	1,
-	TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
-	TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_AES128,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 3F */
-	{
-	1,
-	TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
-	TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_AES128,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
 	/* Cipher 40 */
 	{
 	1,
@@ -538,38 +445,6 @@
 	128,
 	},
 
-	/* Cipher 68 */
-	{
-	1,
-	TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
-	TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_AES256,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher 69 */
-	{
-	1,
-	TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
-	TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_AES256,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
 	/* Cipher 6A */
 	{
 	1,
@@ -751,39 +626,6 @@
 	256,
 	},
 
-	/* Cipher A0 */
-	{
-	1,
-	TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
-	TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_AES128GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
-	128,
-	128,
-	},
-
-	/* Cipher A1 */
-	{
-	1,
-	TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
-	TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_AES256GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
-		SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
-	256,
-	256,
-	},
-
 	/* Cipher A2 */
 	{
 	1,
@@ -817,39 +659,6 @@
 	256,
 	},
 
-	/* Cipher A4 */
-	{
-	1,
-	TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
-	TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_AES128GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
-	128,
-	128,
-	},
-
-	/* Cipher A5 */
-	{
-	1,
-	TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
-	TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_AES256GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
-		SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
-	256,
-	256,
-	},
-
 	/* Cipher A6 */
 	{
 	1,
@@ -884,54 +693,6 @@
 	},
 
 #ifndef OPENSSL_NO_ECDH
-	/* Cipher C002 */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
-	TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_RC4,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C004 */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-	TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C005 */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-	TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
 	/* Cipher C007 */
 	{
 	1,
@@ -980,54 +741,6 @@
 	256,
 	},
 
-	/* Cipher C00C */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
-	TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_RC4,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C00E */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
-	TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C00F */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
-	TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
 	/* Cipher C011 */
 	{
 	1,
@@ -1161,38 +874,6 @@
 	256,
 	},
 
-	/* Cipher C025 */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
-	TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_AES128,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher C026 */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
-	TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_AES256,
-	SSL_SHA384,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
 	/* Cipher C027 */
 	{
 	1,
@@ -1225,38 +906,6 @@
 	256,
 	},
 
-	/* Cipher C029 */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
-	TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_AES128,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher C02A */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
-	TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_AES256,
-	SSL_SHA384,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
 	/* GCM based TLS v1.2 ciphersuites from RFC5289 */
 
 	/* Cipher C02B */
@@ -1292,39 +941,6 @@
 	256,
 	},
 
-	/* Cipher C02D */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
-	TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_AES128GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
-	128,
-	128,
-	},
-
-	/* Cipher C02E */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
-	TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_AES256GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
-		SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
-	256,
-	256,
-	},
-
 	/* Cipher C02F */
 	{
 	1,
@@ -1358,39 +974,6 @@
 	256,
 	},
 
-	/* Cipher C031 */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
-	TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_AES128GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
-	128,
-	128,
-	},
-
-	/* Cipher C032 */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
-	TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_AES256GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
-		SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
-	256,
-	256,
-	},
-
     /* ECDH PSK ciphersuites */
 	/* Cipher CAFE */
 	{
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 231c47f..52382b4 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2118,12 +2118,10 @@
 		premaster_secret_len = sizeof(rand_premaster_secret);
 		}
 #ifndef OPENSSL_NO_DH
-	else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+	else if (alg_k & SSL_kEDH)
 		{
 		CBS dh_Yc;
-		int idx = -1;
 		int dh_len;
-		EVP_PKEY *skey = NULL;
 
 		if (!CBS_get_u16_length_prefixed(&client_key_exchange, &dh_Yc) ||
 			CBS_len(&dh_Yc) == 0 ||
@@ -2134,31 +2132,13 @@
 			goto f_err;
 			}
 
-		if (alg_k & SSL_kDHr)
-			idx = SSL_PKEY_DH_RSA;
-		else if (alg_k & SSL_kDHd)
-			idx = SSL_PKEY_DH_DSA;
-		if (idx >= 0)
-			{
-			skey = s->cert->pkeys[idx].privatekey;
-			if ((skey == NULL) ||
-				(skey->type != EVP_PKEY_DH) ||
-				(skey->pkey.dh == NULL))
-				{
-				al=SSL_AD_HANDSHAKE_FAILURE;
-				OPENSSL_PUT_ERROR(SSL, ssl3_get_client_key_exchange, SSL_R_MISSING_RSA_CERTIFICATE);
-				goto f_err;
-				}
-			dh_srvr = skey->pkey.dh;
-			}
-		else if (s->s3->tmp.dh == NULL)
+		if (s->s3->tmp.dh == NULL)
 			{
 			al=SSL_AD_HANDSHAKE_FAILURE;
 			OPENSSL_PUT_ERROR(SSL, ssl3_get_client_key_exchange, SSL_R_MISSING_TMP_DH_KEY);
 			goto f_err;
 			}
-		else
-			dh_srvr=s->s3->tmp.dh;
+                dh_srvr=s->s3->tmp.dh;
 
 		pub = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL);
 		if (pub == NULL)
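Review bot: The added `dh_srvr=s->s3->tmp.dh;` is indented with spaces while every neighbouring line in this function uses tabs, so the block renders ragged at any tab width other than eight; it should carry the same two leading tabs as the `if (s->s3->tmp.dh == NULL)` directly above it. Apart from the indentation the collapse looks right: with the certificate path gone, `SSL_R_MISSING_TMP_DH_KEY` is now the only way to leave this branch without a server DH key, which is the behaviour a DHE-only server should have. The enclosing ssl3_get_client_key_exchange starts and ends outside this hunk.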
@@ -2193,7 +2173,7 @@
 #endif
 
 #ifndef OPENSSL_NO_ECDH
-	else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
+	else if (alg_k & SSL_kEECDH)
 		{
 		int field_size = 0, ecdh_len;
 		const EC_KEY   *tkey;
@@ -2208,19 +2188,9 @@
 			goto err;
 			}
 
-		/* Let's get server private key and group information */
-		if (alg_k & (SSL_kECDHr|SSL_kECDHe))
-			{ 
-			/* use the certificate */
-			tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
-			}
-		else
-			{
-			/* use the ephermeral values we saved when
-			 * generating the ServerKeyExchange msg.
-			 */
-			tkey = s->s3->tmp.ecdh;
-			}
+                /* Use the ephermeral values we saved when generating the
+                 * ServerKeyExchange msg. */
+                tkey = s->s3->tmp.ecdh;
 
 		group    = EC_KEY_get0_group(tkey);
 		priv_key = EC_KEY_get0_private_key(tkey);
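Review bot: The ECDH branch now takes `tkey = s->s3->tmp.ecdh` unconditionally but, unlike the DH branch earlier in this diff which fails with `SSL_R_MISSING_TMP_DH_KEY` when `s->s3->tmp.dh` is NULL, it never checks `tkey` before passing it to `EC_KEY_get0_group`; the removed certificate path was equally unchecked, but now that the ephemeral key is the only possible source a matching guard is cheap and keeps the two branches consistent (the reason code `SSL_R_MISSING_TMP_ECDH_KEY` is assumed to exist in this tree as it does upstream — substitute whatever this tree defines). The three added lines are also space-indented inside a tab-indented function, and the comment carries over the `ephermeral` typo from the old text (`ephemeral`). The enclosing ssl3_get_client_key_exchange starts and ends outside this hunk.
```c
		/* Use the ephemeral values we saved when generating the
		 * ServerKeyExchange msg. */
		tkey = s->s3->tmp.ecdh;
		if (tkey == NULL)
			{
			al=SSL_AD_HANDSHAKE_FAILURE;
			OPENSSL_PUT_ERROR(SSL, ssl3_get_client_key_exchange, SSL_R_MISSING_TMP_ECDH_KEY);
			goto f_err;
			}
		/* … unchanged: group / priv_key extraction … */
```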
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 4c4419d..9ce1688 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -203,17 +203,11 @@
 	 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
 	{0,SSL_TXT_kRSA,0,    SSL_kRSA,  0,0,0,0,0,0,0,0},
 
-	{0,SSL_TXT_kDHr,0,    SSL_kDHr,  0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_kDHd,0,    SSL_kDHd,  0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_kDH,0,     SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0},
 	{0,SSL_TXT_kEDH,0,    SSL_kEDH,  0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_DH,0,      SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
+	{0,SSL_TXT_DH,0,      SSL_kEDH,0,0,0,0,0,0,0,0},
 
-	{0,SSL_TXT_kECDHr,0,  SSL_kECDHr,0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_kECDHe,0,  SSL_kECDHe,0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_kECDH,0,   SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
 	{0,SSL_TXT_kEECDH,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
+	{0,SSL_TXT_ECDH,0,    SSL_kEECDH,0,0,0,0,0,0,0,0},
 
         {0,SSL_TXT_kPSK,0,    SSL_kPSK,  0,0,0,0,0,0,0,0},
 
@@ -222,8 +216,6 @@
 	{0,SSL_TXT_aDSS,0,    0,SSL_aDSS,  0,0,0,0,0,0,0},
 	{0,SSL_TXT_DSS,0,     0,SSL_aDSS,   0,0,0,0,0,0,0},
 	{0,SSL_TXT_aNULL,0,   0,SSL_aNULL, 0,0,0,0,0,0,0},
-	{0,SSL_TXT_aDH,0,     0,SSL_aDH,   0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-	{0,SSL_TXT_aECDH,0,   0,SSL_aECDH, 0,0,0,0,0,0,0},
 	{0,SSL_TXT_aECDSA,0,  0,SSL_aECDSA,0,0,0,0,0,0,0},
 	{0,SSL_TXT_ECDSA,0,   0,SSL_aECDSA, 0,0,0,0,0,0,0},
         {0,SSL_TXT_aPSK,0,    0,SSL_aPSK,  0,0,0,0,0,0,0},
@@ -1404,21 +1396,9 @@
 	case SSL_kRSA:
 		kx="RSA";
 		break;
-	case SSL_kDHr:
-		kx="DH/RSA";
-		break;
-	case SSL_kDHd:
-		kx="DH/DSS";
-		break;
 	case SSL_kEDH:
 		kx="DH";
 		break;
-	case SSL_kECDHr:
-		kx="ECDH/RSA";
-		break;
-	case SSL_kECDHe:
-		kx="ECDH/ECDSA";
-		break;
 	case SSL_kEECDH:
 		kx="ECDH";
 		break;
@@ -1437,12 +1417,6 @@
 	case SSL_aDSS:
 		au="DSS";
 		break;
-	case SSL_aDH:
-		au="DH";
-		break;
-        case SSL_aECDH:
-		au="ECDH";
-		break;
 	case SSL_aNULL:
 		au="None";
 		break;
@@ -1575,10 +1549,6 @@
   switch (cipher->algorithm_mkey) {
     case SSL_kRSA:
       return SSL_TXT_RSA;
-    case SSL_kDHr:
-      return SSL_TXT_DH "_" SSL_TXT_RSA;
-    case SSL_kDHd:
-      return SSL_TXT_DH "_" SSL_TXT_DSS;
     case SSL_kEDH:
       switch (cipher->algorithm_auth) {
         case SSL_aDSS:
@@ -1590,10 +1560,6 @@
         default:
           return "UNKNOWN";
       }
-    case SSL_kECDHr:
-      return SSL_TXT_ECDH "_" SSL_TXT_RSA;
-    case SSL_kECDHe:
-      return SSL_TXT_ECDH "_" SSL_TXT_ECDSA;
     case SSL_kEECDH:
       switch (cipher->algorithm_auth) {
         case SSL_aECDSA:
@@ -1645,32 +1611,10 @@
 /* For a cipher return the index corresponding to the certificate type */
 int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
 	{
- 	unsigned long alg_k, alg_a;
+	unsigned long alg_a = c->algorithm_auth;
 
-	alg_k = c->algorithm_mkey;
-	alg_a = c->algorithm_auth;
-
-	if (alg_k & (SSL_kECDHr|SSL_kECDHe))
-		{
-		/* we don't need to look at SSL_kEECDH
-		 * since no certificate is needed for
-		 * anon ECDH and for authenticated
-		 * EECDH, the check for the auth
-		 * algorithm will set i correctly
-		 * NOTE: For ECDH-RSA, we need an ECC
-		 * not an RSA cert but for EECDH-RSA
-		 * we need an RSA cert. Placing the
-		 * checks for SSL_kECDH before RSA
-		 * checks ensures the correct cert is chosen.
-		 */
+	if (alg_a & SSL_aECDSA)
 		return SSL_PKEY_ECC;
-		}
-	else if (alg_a & SSL_aECDSA)
-		return SSL_PKEY_ECC;
-	else if (alg_k & SSL_kDHr)
-		return SSL_PKEY_DH_RSA;
-	else if (alg_k & SSL_kDHd)
-		return SSL_PKEY_DH_DSA;
 	else if (alg_a & SSL_aDSS)
 		return SSL_PKEY_DSA_SIGN;
 	else if (alg_a & SSL_aRSA)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5e633c1..5bf2438 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2168,18 +2168,16 @@
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 	{
 	CERT_PKEY *cpk;
-	int rsa_enc,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
+	int rsa_enc,rsa_sign,dh_tmp,dsa_sign;
 	unsigned long mask_k,mask_a;
 #ifndef OPENSSL_NO_ECDSA
 	int have_ecc_cert, ecdsa_ok;
 #endif
 #ifndef OPENSSL_NO_ECDH
-	int have_ecdh_tmp, ecdh_ok;
+	int have_ecdh_tmp;
 #endif
 #ifndef OPENSSL_NO_EC
 	X509 *x = NULL;
-	EVP_PKEY *ecc_pkey = NULL;
-	int signature_nid = 0, pk_nid = 0, md_nid = 0;
 #endif
 	if (c == NULL) return;
 
@@ -2198,11 +2196,6 @@
 	rsa_sign= cpk->valid_flags & CERT_PKEY_SIGN;
 	cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
 	dsa_sign= cpk->valid_flags & CERT_PKEY_SIGN;
-	cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
-	dh_rsa=  cpk->valid_flags & CERT_PKEY_VALID;
-	cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
-/* FIX THIS EAY EAY EAY */
-	dh_dsa=  cpk->valid_flags & CERT_PKEY_VALID;
 	cpk= &(c->pkeys[SSL_PKEY_ECC]);
 #ifndef OPENSSL_NO_EC
 	have_ecc_cert= cpk->valid_flags & CERT_PKEY_VALID;
@@ -2219,23 +2212,9 @@
 	if (rsa_enc)
 		mask_k|=SSL_kRSA;
 
-#if 0
-	/* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
-	if (	(dh_tmp || dh_rsa || dh_dsa) &&
-		(rsa_enc || rsa_sign || dsa_sign))
-		mask_k|=SSL_kEDH;
-#endif
-
 	if (dh_tmp)
 		mask_k|=SSL_kEDH;
 
-	if (dh_rsa) mask_k|=SSL_kDHr;
-
-	if (dh_dsa) mask_k|=SSL_kDHd;
-
-	if (mask_k & (SSL_kDHr|SSL_kDHd))
-		mask_a |= SSL_aDH;
-
 	if (rsa_enc || rsa_sign)
 		{
 		mask_a|=SSL_aRSA;
@@ -2248,9 +2227,8 @@
 
 	mask_a|=SSL_aNULL;
 
-	/* An ECC certificate may be usable for ECDH and/or
-	 * ECDSA cipher suites depending on the key usage extension.
-	 */
+	/* An ECC certificate may be usable for ECDSA cipher suites depending on
+         * the key usage extension. */
 #ifndef OPENSSL_NO_EC
 	if (have_ecc_cert)
 		{
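Review bot: The second line of the rewritten comment, ` * the key usage extension. */`, is indented with spaces while its first line and the surrounding code use a tab, so the continuation no longer lines up under the opening `/*`. While touching it, the comment could also say what the block now actually computes, since only one flag survives: `/* An ECC certificate is usable for ECDSA cipher suites only if its key usage (when present) permits digitalSignature and the key is marked CERT_PKEY_SIGN. */`. The enclosing ssl_set_cert_masks starts and ends outside this hunk.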
@@ -2258,36 +2236,10 @@
 		x = cpk->x509;
 		/* This call populates extension flags (ex_flags) */
 		X509_check_purpose(x, -1, 0);
-		ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
-		    (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
 		ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
 		    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
 		if (!(cpk->valid_flags & CERT_PKEY_SIGN))
 			ecdsa_ok = 0;
-		ecc_pkey = X509_get_pubkey(x);
-		EVP_PKEY_free(ecc_pkey);
-		if ((x->sig_alg) && (x->sig_alg->algorithm))
-			{
-			signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
-			OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
-			}
-#ifndef OPENSSL_NO_ECDH
-		if (ecdh_ok)
-			{
-
-			if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
-				{
-				mask_k|=SSL_kECDHr;
-				mask_a|=SSL_aECDH;
-				}
-
-			if (pk_nid == NID_X9_62_id_ecPublicKey)
-				{
-				mask_k|=SSL_kECDHe;
-				mask_a|=SSL_aECDH;
-				}
-			}
-#endif
 #ifndef OPENSSL_NO_ECDSA
 		if (ecdsa_ok)
 			{
@@ -2320,11 +2272,10 @@
 
 int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 	{
-	unsigned long alg_k, alg_a;
+	unsigned long alg_a;
 	int signature_nid = 0, md_nid = 0, pk_nid = 0;
 	const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
 
-	alg_k = cs->algorithm_mkey;
 	alg_a = cs->algorithm_auth;
 
 	/* This call populates the ex_flags field correctly */
@@ -2334,34 +2285,6 @@
 		signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
 		OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
 		}
-	if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
-		{
-		/* key usage, if present, must allow key agreement */
-		if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
-			{
-			OPENSSL_PUT_ERROR(SSL, ssl_check_srvr_ecc_cert_and_alg, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
-			return 0;
-			}
-		if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION)
-			{
-			/* signature alg must be ECDSA */
-			if (pk_nid != NID_X9_62_id_ecPublicKey)
-				{
-				OPENSSL_PUT_ERROR(SSL, ssl_check_srvr_ecc_cert_and_alg, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
-				return 0;
-				}
-			}
-		if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION)
-			{
-			/* signature alg must be RSA */
-
-			if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
-				{
-				OPENSSL_PUT_ERROR(SSL, ssl_check_srvr_ecc_cert_and_alg, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
-				return 0;
-				}
-			}
-		}
 	if (alg_a & SSL_aECDSA)
 		{
 		/* key usage, if present, must allow signing */
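Review bot: With the kECDHe/kECDHr block gone, `pk_nid`, `md_nid` and `signature_nid`, populated by the `OBJ_obj2nid`/`OBJ_find_sigid_algs` pair just above the deleted lines, appear to have no remaining reader in ssl_check_srvr_ecc_cert_and_alg; the aECDSA branch that follows opens inside this hunk but its body is outside it, and in the parent tree that branch only consults key usage via `ku_reject`. If that holds, the signature-algorithm lookup and the three locals can be removed as well, leaving `X509_check_purpose` plus the key-usage check, which is both less code and avoids leaving a computation whose only consumers were the static-ECDH checks. If some later check still needs `pk_nid`, a one-line comment naming it would spare the next reader the same search. The enclosing function ends outside this hunk.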
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 0f6cebc..c2c7f21 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -275,22 +275,16 @@
 
 /* Bits for algorithm_mkey (key exchange algorithm) */
 #define SSL_kRSA		0x00000001L /* RSA key exchange */
-#define SSL_kDHr		0x00000002L /* DH cert, RSA CA cert */
-#define SSL_kDHd		0x00000004L /* DH cert, DSA CA cert */
-#define SSL_kEDH		0x00000008L /* tmp DH key no DH cert */
-#define SSL_kECDHr		0x00000010L /* ECDH cert, RSA CA cert */
-#define SSL_kECDHe		0x00000020L /* ECDH cert, ECDSA CA cert */
-#define SSL_kEECDH		0x00000040L /* ephemeral ECDH */
-#define SSL_kPSK		0x00000080L /* PSK */
+#define SSL_kEDH		0x00000002L /* tmp DH key no DH cert */
+#define SSL_kEECDH		0x00000004L /* ephemeral ECDH */
+#define SSL_kPSK		0x00000008L /* PSK */
 
 /* Bits for algorithm_auth (server authentication) */
 #define SSL_aRSA		0x00000001L /* RSA auth */
 #define SSL_aDSS 		0x00000002L /* DSS auth */
 #define SSL_aNULL 		0x00000004L /* no auth (i.e. use ADH or AECDH) */
-#define SSL_aDH 		0x00000008L /* Fixed DH auth (kDHd or kDHr) */
-#define SSL_aECDH 		0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
-#define SSL_aECDSA              0x00000020L /* ECDSA auth*/
-#define SSL_aPSK                0x00000040L /* PSK auth */
+#define SSL_aECDSA              0x00000008L /* ECDSA auth*/
+#define SSL_aPSK                0x00000010L /* PSK auth */
 
 
 /* Bits for algorithm_enc (symmetric encryption) */
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index cdbc6c3..ff9414a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -891,23 +891,20 @@
 #endif
 			}
 		}
-	/* Disable auth and static DH if we don't include any appropriate
-	 * signature algorithms.
+	/* Disable auth if we don't include any appropriate signature
+	 * algorithms.
 	 */
 	if (!have_rsa)
 		{
 		c->mask_a |= SSL_aRSA;
-		c->mask_k |= SSL_kDHr|SSL_kECDHr;
 		}
 	if (!have_dsa)
 		{
 		c->mask_a |= SSL_aDSS;
-		c->mask_k |= SSL_kDHd;
 		}
 	if (!have_ecdsa)
 		{
 		c->mask_a |= SSL_aECDSA;
-		c->mask_k |= SSL_kECDHe;
 		}
 	/* with PSK there must be client callback set */
 	if (!s->psk_client_callback)
@@ -941,8 +938,7 @@
 
 			alg_k = c->algorithm_mkey;
 			alg_a = c->algorithm_auth;
-			if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)
-				|| (alg_a & SSL_aECDSA)))
+			if ((alg_k & SSL_kEECDH) || (alg_a & SSL_aECDSA))
 				{
 				using_ecc = 1;
 				break;
@@ -1274,7 +1270,7 @@
 #ifndef OPENSSL_NO_EC
 	unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-	int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
+	int using_ecc = (alg_k & SSL_kEECDH) || (alg_a & SSL_aECDSA);
 	using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
 #endif
 	/* don't add extensions for SSLv3, unless doing secure renegotiation */
@@ -2436,7 +2432,7 @@
 	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
 	if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && 
 	    (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) && 
-	    ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
+	    ((alg_k & SSL_kEECDH) || (alg_a & SSL_aECDSA)))
 		{
 		/* we are using an ECC cipher */
 		size_t i;