From: guenther Date: Mon, 28 Jul 2014 04:23:12 +0000 (+0000) Subject: The RSA, DH, and ECDH temporary key callbacks expect the number of keybits X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=50b85d1c40033a9c6fc8d887425e242e4d66e710;p=openbsd The RSA, DH, and ECDH temporary key callbacks expect the number of keybits for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as their second argument, not zero. (jsing@ notes that the RSA callback is only invoked for 'export' ciphers, which have been removed from LibreSSL, and for the SSL_OP_EPHEMERAL_RSA option, which is makes the application non-compliant. More fuel for the tedu fire...) jasper@ noted the breakage and bisected it down to the diff that broke this ok jsing@ miod@ --- diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c index ecf4a198b16..6f1d436d18b 100644 --- a/lib/libssl/d1_srvr.c +++ b/lib/libssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.33 2014/07/12 22:33:39 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.34 2014/07/28 04:23:12 guenther Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -1034,7 +1034,8 @@ dtls1_send_server_key_exchange(SSL *s) if (type & SSL_kRSA) { rsa = cert->rsa_tmp; if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { - rsa = s->cert->rsa_tmp_cb(s, 0, 0); + rsa = s->cert->rsa_tmp_cb(s, 0, + SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); if (rsa == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ERROR_GENERATING_TMP_RSA_KEY); @@ -1055,7 +1056,8 @@ dtls1_send_server_key_exchange(SSL *s) if (type & SSL_kDHE) { dhp = cert->dh_tmp; if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) - dhp = s->cert->dh_tmp_cb(s, 0, 0); + dhp = s->cert->dh_tmp_cb(s, 0, + SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); if (dhp == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_DH_KEY); @@ -1099,7 +1101,8 @@ dtls1_send_server_key_exchange(SSL *s) ecdhp = cert->ecdh_tmp; if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) - ecdhp = s->cert->ecdh_tmp_cb(s, 0, 0); + ecdhp = s->cert->ecdh_tmp_cb(s, 0, + SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); if (ecdhp == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_ECDH_KEY); diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 8d47a16b559..ed2aaf19b52 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.79 2014/07/28 04:23:12 guenther Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1395,7 +1395,8 @@ ssl3_send_server_key_exchange(SSL *s) if (type & SSL_kRSA) { rsa = cert->rsa_tmp; if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { - rsa = s->cert->rsa_tmp_cb(s, 0, 0); + rsa = s->cert->rsa_tmp_cb(s, 0, + SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); if (rsa == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr( @@ -1419,7 +1420,8 @@ ssl3_send_server_key_exchange(SSL *s) if (type & SSL_kDHE) { dhp = cert->dh_tmp; if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) - dhp = s->cert->dh_tmp_cb(s, 0, 0); + dhp = s->cert->dh_tmp_cb(s, 0, + SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); if (dhp == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, @@ -1468,7 +1470,8 @@ ssl3_send_server_key_exchange(SSL *s) ecdhp = cert->ecdh_tmp; if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) - ecdhp = s->cert->ecdh_tmp_cb(s, 0, 0); + ecdhp = s->cert->ecdh_tmp_cb(s, 0, + SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); if (ecdhp == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c index ecf4a198b16..6f1d436d18b 100644 --- a/lib/libssl/src/ssl/d1_srvr.c +++ b/lib/libssl/src/ssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.33 2014/07/12 22:33:39 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.34 2014/07/28 04:23:12 guenther Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -1034,7 +1034,8 @@ dtls1_send_server_key_exchange(SSL *s) if (type & SSL_kRSA) { rsa = cert->rsa_tmp; if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { - rsa = s->cert->rsa_tmp_cb(s, 0, 0); + rsa = s->cert->rsa_tmp_cb(s, 0, + SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); if (rsa == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ERROR_GENERATING_TMP_RSA_KEY); @@ -1055,7 +1056,8 @@ dtls1_send_server_key_exchange(SSL *s) if (type & SSL_kDHE) { dhp = cert->dh_tmp; if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) - dhp = s->cert->dh_tmp_cb(s, 0, 0); + dhp = s->cert->dh_tmp_cb(s, 0, + SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); if (dhp == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_DH_KEY); @@ -1099,7 +1101,8 @@ dtls1_send_server_key_exchange(SSL *s) ecdhp = cert->ecdh_tmp; if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) - ecdhp = s->cert->ecdh_tmp_cb(s, 0, 0); + ecdhp = s->cert->ecdh_tmp_cb(s, 0, + SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); if (ecdhp == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_ECDH_KEY); diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index 8d47a16b559..ed2aaf19b52 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.79 2014/07/28 04:23:12 guenther Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1395,7 +1395,8 @@ ssl3_send_server_key_exchange(SSL *s) if (type & SSL_kRSA) { rsa = cert->rsa_tmp; if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { - rsa = s->cert->rsa_tmp_cb(s, 0, 0); + rsa = s->cert->rsa_tmp_cb(s, 0, + SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); if (rsa == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr( @@ -1419,7 +1420,8 @@ ssl3_send_server_key_exchange(SSL *s) if (type & SSL_kDHE) { dhp = cert->dh_tmp; if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) - dhp = s->cert->dh_tmp_cb(s, 0, 0); + dhp = s->cert->dh_tmp_cb(s, 0, + SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); if (dhp == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, @@ -1468,7 +1470,8 @@ ssl3_send_server_key_exchange(SSL *s) ecdhp = cert->ecdh_tmp; if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) - ecdhp = s->cert->ecdh_tmp_cb(s, 0, 0); + ecdhp = s->cert->ecdh_tmp_cb(s, 0, + SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); if (ecdhp == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index 34e6337856b..3c1c444cb07 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.62 2014/07/12 22:33:39 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.63 2014/07/28 04:23:12 guenther Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -368,6 +368,12 @@ #define SSL_MEDIUM 0x00000040L #define SSL_HIGH 0x00000080L +/* + * The keylength (measured in RSA key bits, I guess) for temporary keys. + * Cipher argument is so that this can be variable in the future. + */ +#define SSL_C_PKEYLENGTH(c) 1024 + /* Check if an SSL structure is using DTLS. */ #define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 34e6337856b..3c1c444cb07 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.62 2014/07/12 22:33:39 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.63 2014/07/28 04:23:12 guenther Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -368,6 +368,12 @@ #define SSL_MEDIUM 0x00000040L #define SSL_HIGH 0x00000080L +/* + * The keylength (measured in RSA key bits, I guess) for temporary keys. + * Cipher argument is so that this can be variable in the future. + */ +#define SSL_C_PKEYLENGTH(c) 1024 + /* Check if an SSL structure is using DTLS. */ #define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)