Author: rjung
Date: Sat May 23 15:28:35 2015
New Revision: 1681357
URL: http://svn.apache.org/r1681357
Log:
Improve DH and ECDH ephemeral key handling.
Backport of r1681126,1681150-1681151,1681172,
1681189,1681218,1681295 from trunk
(which took it from mod_ssl).
Modified:
tomcat/native/branches/1.1.x/ (props changed)
tomcat/native/branches/1.1.x/native/include/ssl_private.h
tomcat/native/branches/1.1.x/native/src/ssl.c
tomcat/native/branches/1.1.x/native/src/sslcontext.c
tomcat/native/branches/1.1.x/native/src/sslnetwork.c
tomcat/native/branches/1.1.x/native/src/sslutils.c
Propchange: tomcat/native/branches/1.1.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat May 23 15:28:35 2015
@@ -1,3 +1,3 @@
-/tomcat/native/trunk:815411,988395,988402,988428,992208,1043611,1043696,1205445,1295445,1342003,1342008,1342013,1342020,1342024,1394258,1394342,1424947,1424971,1430753,1437081,1438342,1439337,1441884,1441886,1442579,1442581,1445972,1507113,1532577,1532590,1539594,1555184,1559180,1588195,1607262,1607267,1607278,1607291,1607477,1648821,1650119,1650304,1658557,1658641-1658642,1658724,1669302,1669496,1681298,1681314,1681323
+/tomcat/native/trunk:815411,988395,988402,988428,992208,1043611,1043696,1205445,1295445,1342003,1342008,1342013,1342020,1342024,1394258,1394342,1424947,1424971,1430753,1437081,1438342,1439337,1441884,1441886,1442579,1442581,1445972,1507113,1532577,1532590,1539594,1555184,1559180,1588195,1607262,1607267,1607278,1607291,1607477,1648821,1650119,1650304,1658557,1658641-1658642,1658724,1669302,1669496,1681126,1681150-1681151,1681172,1681189,1681218,1681295,1681298,1681314,1681323
/tomcat/tc7.0.x/trunk:1199985,1200164,1349932,1434887,1435769
/tomcat/trunk:815418,832198,1001939,1033916,1043103,1044729,1078522,1145209,1145285,1149092,1241356,1241406-1241407,1242254,1292671,1299980,1300102,1434905,1437083
Modified: tomcat/native/branches/1.1.x/native/include/ssl_private.h
URL:
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/include/ssl_private.h?rev=1681357&r1=1681356&r2=1681357&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/include/ssl_private.h (original)
+++ tomcat/native/branches/1.1.x/native/include/ssl_private.h Sat May 23
15:28:35 2015
@@ -65,20 +65,6 @@
#define SSL_AIDX_DSA (1)
#define SSL_AIDX_MAX (2)
-/*
- * Define IDs for the temporary RSA keys and DH params
- */
-
-#define SSL_TMP_KEY_RSA_512 (0)
-#define SSL_TMP_KEY_RSA_1024 (1)
-#define SSL_TMP_KEY_RSA_2048 (2)
-#define SSL_TMP_KEY_RSA_4096 (3)
-#define SSL_TMP_KEY_DH_512 (4)
-#define SSL_TMP_KEY_DH_1024 (5)
-#define SSL_TMP_KEY_DH_2048 (6)
-#define SSL_TMP_KEY_DH_4096 (7)
-#define SSL_TMP_KEY_MAX (8)
-
#define SSL_CRT_FORMAT_UNDEF (0)
#define SSL_CRT_FORMAT_ASN1 (1)
#define SSL_CRT_FORMAT_TEXT (2)
@@ -204,14 +190,11 @@
#define OCSP_STATUS_REVOKED 1
#define OCSP_STATUS_UNKNOWN 2
-
/* ECC: make sure we have at least 1.0.0 */
#if !defined(OPENSSL_NO_EC) && defined(TLSEXT_ECPOINTFORMAT_uncompressed)
#define HAVE_ECC 1
#endif
-extern void *SSL_temp_keys[SSL_TMP_KEY_MAX];
-
typedef struct {
/* client can have any number of cert/key pairs */
const char *cert_file;
@@ -299,9 +282,11 @@ int SSL_password_prompt(tcn_pass
int SSL_password_callback(char *, int, int, void *);
void SSL_BIO_close(BIO *);
void SSL_BIO_doref(BIO *);
-DH *SSL_dh_get_tmp_param(int);
-DH *SSL_dh_get_param_from_file(const char *);
-RSA *SSL_callback_tmp_RSA(SSL *, int, int);
+DH *SSL_get_dh_params(unsigned keylen);
+DH *SSL_dh_GetParamFromFile(const char *);
+#ifdef HAVE_ECC
+EC_GROUP *SSL_ec_GetParamFromFile(const char *);
+#endif
DH *SSL_callback_tmp_DH(SSL *, int, int);
void SSL_callback_handshake(const SSL *, int, int);
int SSL_CTX_use_certificate_chain(SSL_CTX *, const char *, int);
Modified: tomcat/native/branches/1.1.x/native/src/ssl.c
URL:
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/ssl.c?rev=1681357&r1=1681356&r2=1681357&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/ssl.c (original)
+++ tomcat/native/branches/1.1.x/native/src/ssl.c Sat May 23 15:28:35 2015
@@ -28,7 +28,6 @@ static char *ssl_global_rand_file = NULL
extern apr_pool_t *tcn_global_pool;
ENGINE *tcn_ssl_engine = NULL;
-void *SSL_temp_keys[SSL_TMP_KEY_MAX];
tcn_pass_cb_t tcn_password_callback;
/* Global reference to the pool used by the dynamic mutexes */
@@ -42,43 +41,6 @@ struct CRYPTO_dynlock_value {
apr_thread_mutex_t *mutex;
};
-
-/*
- * Handle the Temporary RSA Keys and DH Params
- */
-
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(OPENSSL_USE_DEPRECATED)
-#define SSL_TMP_KEY_FREE(type, idx) \
- if (SSL_temp_keys[idx]) { \
- type##_free((type *)SSL_temp_keys[idx]); \
- SSL_temp_keys[idx] = NULL; \
- } else (void)(0)
-#else
-#define SSL_TMP_KEY_FREE(type, idx) SSL_temp_keys[idx] = NULL
-#endif
-
-#define SSL_TMP_KEYS_FREE(type) \
- SSL_TMP_KEY_FREE(type, SSL_TMP_KEY_##type##_512); \
- SSL_TMP_KEY_FREE(type, SSL_TMP_KEY_##type##_1024); \
- SSL_TMP_KEY_FREE(type, SSL_TMP_KEY_##type##_2048); \
- SSL_TMP_KEY_FREE(type, SSL_TMP_KEY_##type##_4096)
-
-#define SSL_TMP_KEY_INIT_RSA(bits) \
- ssl_tmp_key_init_rsa(bits, SSL_TMP_KEY_RSA_##bits)
-
-#define SSL_TMP_KEY_INIT_DH(bits) \
- ssl_tmp_key_init_dh(bits, SSL_TMP_KEY_DH_##bits)
-
-#define SSL_TMP_KEYS_INIT(R) \
- SSL_temp_keys[SSL_TMP_KEY_RSA_2048] = NULL; \
- SSL_temp_keys[SSL_TMP_KEY_RSA_4096] = NULL; \
- R |= SSL_TMP_KEY_INIT_RSA(512); \
- R |= SSL_TMP_KEY_INIT_RSA(1024); \
- R |= SSL_TMP_KEY_INIT_DH(512); \
- R |= SSL_TMP_KEY_INIT_DH(1024); \
- R |= SSL_TMP_KEY_INIT_DH(2048); \
- R |= SSL_TMP_KEY_INIT_DH(4096)
-
/*
* supported_ssl_opts is a bitmask that contains all supported SSL_OP_*
* options at compile-time. This is used in hasOp to determine which
@@ -225,43 +187,78 @@ static const jint supported_ssl_opts = 0
#endif
| 0;
-static int ssl_tmp_key_init_rsa(int bits, int idx)
+/*
+ * Grab well-defined DH parameters from OpenSSL, see the get_rfc*
+ * functions in <openssl/bn.h> for all available primes.
+ */
+static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *), const char *gen)
{
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(OPENSSL_USE_DEPRECATED)
- if (!(SSL_temp_keys[idx] =
- RSA_generate_key(bits, RSA_F4, NULL, NULL))) {
-#ifdef OPENSSL_FIPS
- /**
- * With FIPS mode short RSA keys cannot be
- * generated.
- */
- if (bits < 1024)
- return 0;
- else
-#endif
- return 1;
+ DH *dh = DH_new();
+
+ if (!dh) {
+ return NULL;
}
- else {
- return 0;
+ dh->p = prime(NULL);
+ BN_dec2bn(&dh->g, gen);
+ if (!dh->p || !dh->g) {
+ DH_free(dh);
+ return NULL;
}
-#else
- return 0;
-#endif
+ return dh;
}
-static int ssl_tmp_key_init_dh(int bits, int idx)
+/* Storage and initialization for DH parameters. */
+static struct dhparam {
+ BIGNUM *(*const prime)(BIGNUM *); /* function to generate... */
+ DH *dh; /* ...this, used for keys.... */
+ const unsigned int min; /* ...of length >= this. */
+} dhparams[] = {
+ { get_rfc3526_prime_8192, NULL, 6145 },
+ { get_rfc3526_prime_6144, NULL, 4097 },
+ { get_rfc3526_prime_4096, NULL, 3073 },
+ { get_rfc3526_prime_3072, NULL, 2049 },
+ { get_rfc3526_prime_2048, NULL, 1025 },
+ { get_rfc2409_prime_1024, NULL, 0 }
+};
+
+static void init_dh_params(void)
{
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(OPENSSL_USE_DEPRECATED)
- if (!(SSL_temp_keys[idx] =
- SSL_dh_get_tmp_param(bits)))
- return 1;
- else
- return 0;
-#else
- return 0;
-#endif
+ unsigned n;
+
+ for (n = 0; n < sizeof(dhparams)/sizeof(dhparams[0]); n++)
+ dhparams[n].dh = make_dh_params(dhparams[n].prime, "2");
+}
+
+static void free_dh_params(void)
+{
+ unsigned n;
+
+ /* DH_free() is a noop for a NULL parameter, so these are harmless
+ * in the (unexpected) case where these variables are already
+ * NULL. */
+ for (n = 0; n < sizeof(dhparams)/sizeof(dhparams[0]); n++) {
+ DH_free(dhparams[n].dh);
+ dhparams[n].dh = NULL;
+ }
}
+/* Hand out the same DH structure though once generated as we leak
+ * memory otherwise and freeing the structure up after use would be
+ * hard to track and in fact is not needed at all as it is safe to
+ * use the same parameters over and over again security wise (in
+ * contrast to the keys itself) and code safe as the returned structure
+ * is duplicated by OpenSSL anyway. Hence no modification happens
+ * to our copy. */
+DH *SSL_get_dh_params(unsigned keylen)
+{
+ unsigned n;
+
+ for (n = 0; n < sizeof(dhparams)/sizeof(dhparams[0]); n++)
+ if (keylen >= dhparams[n].min)
+ return dhparams[n].dh;
+
+ return NULL; /* impossible to reach. */
+}
TCN_IMPLEMENT_CALL(jint, SSL, version)(TCN_STDARGS)
{
@@ -293,8 +290,8 @@ static apr_status_t ssl_init_cleanup(voi
tcn_password_callback.cb.obj);
}
- SSL_TMP_KEYS_FREE(RSA);
- SSL_TMP_KEYS_FREE(DH);
+ free_dh_params();
+
/*
* Try to kill the internals of the SSL library.
*/
@@ -644,7 +641,6 @@ static int ssl_rand_make(const char *fil
TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
{
- int r = 0;
TCN_ALLOC_CSTRING(engine);
UNREFERENCED(o);
@@ -722,13 +718,8 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize
/* For SSL_get_app_data2() at request time */
SSL_init_app_data2_idx();
- SSL_TMP_KEYS_INIT(r);
- if (r) {
- TCN_FREE_CSTRING(engine);
- ssl_init_cleanup(NULL);
- tcn_ThrowAPRException(e, APR_ENOTIMPL);
- return APR_ENOTIMPL;
- }
+ init_dh_params();
+
/*
* Let us cleanup the ssl library when the library is unloaded
*/
@@ -1081,47 +1072,6 @@ TCN_IMPLEMENT_CALL(void, SSL, setPasswor
TCN_FREE_CSTRING(password);
}
-TCN_IMPLEMENT_CALL(jboolean, SSL, generateRSATempKey)(TCN_STDARGS, jint idx)
-{
- int r = 1;
- UNREFERENCED_STDARGS;
- SSL_TMP_KEY_FREE(RSA, idx);
- switch (idx) {
- case SSL_TMP_KEY_RSA_512:
- r = SSL_TMP_KEY_INIT_RSA(512);
- break;
- case SSL_TMP_KEY_RSA_1024:
- r = SSL_TMP_KEY_INIT_RSA(1024);
- break;
- case SSL_TMP_KEY_RSA_2048:
- r = SSL_TMP_KEY_INIT_RSA(2048);
- break;
- case SSL_TMP_KEY_RSA_4096:
- r = SSL_TMP_KEY_INIT_RSA(4096);
- break;
- }
- return r ? JNI_FALSE : JNI_TRUE;
-}
-
-TCN_IMPLEMENT_CALL(jboolean, SSL, loadDSATempKey)(TCN_STDARGS, jint idx,
- jstring file)
-{
- jboolean r = JNI_FALSE;
- TCN_ALLOC_CSTRING(file);
- DH *dh;
- UNREFERENCED(o);
-
- if (!J2S(file))
- return JNI_FALSE;
- SSL_TMP_KEY_FREE(DSA, idx);
- if ((dh = SSL_dh_get_param_from_file(J2S(file)))) {
- SSL_temp_keys[idx] = dh;
- r = JNI_TRUE;
- }
- TCN_FREE_CSTRING(file);
- return r;
-}
-
TCN_IMPLEMENT_CALL(jstring, SSL, getLastError)(TCN_STDARGS)
{
char buf[256];
Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
URL:
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1681357&r1=1681356&r2=1681357&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Sat May 23 15:28:35
2015
@@ -188,16 +188,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
EVP_Digest((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
(unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
&(c->context_id[0]), NULL, EVP_sha1(), NULL);
- if (mode) {
-#ifdef HAVE_ECC
- /* Set default (nistp256) elliptic curve for ephemeral ECDH keys */
- EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- SSL_CTX_set_tmp_ecdh(c->ctx, ecdh);
- EC_KEY_free(ecdh);
-#endif
- SSL_CTX_set_tmp_rsa_callback(c->ctx, SSL_callback_tmp_RSA);
- SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH);
- }
+
/* Set default Certificate verification level
* and depth for the Client Authentication
*/
@@ -315,7 +306,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
TCN_ASSERT(ctx != 0);
if (!J2S(ciphers))
return JNI_FALSE;
-
+
if (!SSL_CTX_set_cipher_list(c->ctx, J2S(ciphers))) {
char err[256];
ERR_error_string(ERR_get_error(), err);
@@ -625,6 +616,12 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
const char *key_file, *cert_file;
const char *p;
char err[256];
+#ifdef HAVE_ECC
+ EC_GROUP *ecparams;
+ int nid;
+ EC_KEY *eckey = NULL;
+#endif
+ DH *dhparams;
UNREFERENCED(o);
TCN_ASSERT(ctx != 0);
@@ -693,6 +690,42 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
rv = JNI_FALSE;
goto cleanup;
}
+
+ /*
+ * Try to read DH parameters from the (first) SSLCertificateFile
+ */
+ /* XXX Does this also work for pkcs12 or only for PEM files?
+ * If only for PEM files move above to the PEM handling */
+ if ((dhparams = SSL_dh_GetParamFromFile(cert_file))) {
+ SSL_CTX_set_tmp_dh(c->ctx, dhparams);
+ }
+
+#ifdef HAVE_ECC
+ /*
+ * Similarly, try to read the ECDH curve name from SSLCertificateFile...
+ */
+ /* XXX Does this also work for pkcs12 or only for PEM files?
+ * If only for PEM files move above to the PEM handling */
+ if ((ecparams = SSL_ec_GetParamFromFile(cert_file)) &&
+ (nid = EC_GROUP_get_curve_name(ecparams)) &&
+ (eckey = EC_KEY_new_by_curve_name(nid))) {
+ SSL_CTX_set_tmp_ecdh(c->ctx, eckey);
+ }
+ /*
+ * ...otherwise, configure NIST P-256 (required to enable ECDHE)
+ */
+ else {
+#if defined(SSL_CTX_set_ecdh_auto)
+ SSL_CTX_set_ecdh_auto(c->ctx, 1);
+#else
+ eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ SSL_CTX_set_tmp_ecdh(c->ctx, eckey);
+#endif
+ }
+ EC_KEY_free(eckey);
+#endif
+ SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH);
+
cleanup:
TCN_FREE_CSTRING(cert);
TCN_FREE_CSTRING(key);
Modified: tomcat/native/branches/1.1.x/native/src/sslnetwork.c
URL:
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslnetwork.c?rev=1681357&r1=1681356&r2=1681357&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslnetwork.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslnetwork.c Sat May 23 15:28:35
2015
@@ -145,8 +145,6 @@ static tcn_ssl_conn_t *ssl_create(JNIEnv
/*
* Configure callbacks for SSL connection
*/
- SSL_set_tmp_rsa_callback(ssl, SSL_callback_tmp_RSA);
- SSL_set_tmp_dh_callback(ssl, SSL_callback_tmp_DH);
SSL_set_session_id_context(ssl, &(ctx->context_id[0]),
sizeof ctx->context_id);
}
Modified: tomcat/native/branches/1.1.x/native/src/sslutils.c
URL:
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslutils.c?rev=1681357&r1=1681356&r2=1681357&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslutils.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslutils.c Sat May 23 15:28:35 2015
@@ -155,151 +155,12 @@ int SSL_password_callback(char *buf, int
return (int)strlen(buf);
}
-static unsigned char dh0512_p[]={
- 0xD9,0xBA,0xBF,0xFD,0x69,0x38,0xC9,0x51,0x2D,0x19,0x37,0x39,
- 0xD7,0x7D,0x7E,0x3E,0x25,0x58,0x55,0x94,0x90,0x60,0x93,0x7A,
- 0xF2,0xD5,0x61,0x5F,0x06,0xE8,0x08,0xB4,0x57,0xF4,0xCF,0xB4,
- 0x41,0xCC,0xC4,0xAC,0xD4,0xF0,0x45,0x88,0xC9,0xD1,0x21,0x4C,
- 0xB6,0x72,0x48,0xBD,0x73,0x80,0xE0,0xDD,0x88,0x41,0xA0,0xF1,
- 0xEA,0x4B,0x71,0x13
-};
-static unsigned char dh1024_p[]={
- 0xA2,0x95,0x7E,0x7C,0xA9,0xD5,0x55,0x1D,0x7C,0x77,0x11,0xAC,
- 0xFD,0x48,0x8C,0x3B,0x94,0x1B,0xC5,0xC0,0x99,0x93,0xB5,0xDC,
- 0xDC,0x06,0x76,0x9E,0xED,0x1E,0x3D,0xBB,0x9A,0x29,0xD6,0x8B,
- 0x1F,0xF6,0xDA,0xC9,0xDF,0xD5,0x02,0x4F,0x09,0xDE,0xEC,0x2C,
- 0x59,0x1E,0x82,0x32,0x80,0x9B,0xED,0x51,0x68,0xD2,0xFB,0x1E,
- 0x25,0xDB,0xDF,0x9C,0x11,0x70,0xDF,0xCA,0x19,0x03,0x3D,0x3D,
- 0xC1,0xAC,0x28,0x88,0x4F,0x13,0xAF,0x16,0x60,0x6B,0x5B,0x2F,
- 0x56,0xC7,0x5B,0x5D,0xDE,0x8F,0x50,0x08,0xEC,0xB1,0xB9,0x29,
- 0xAA,0x54,0xF4,0x05,0xC9,0xDF,0x95,0x9D,0x79,0xC6,0xEA,0x3F,
- 0xC9,0x70,0x42,0xDA,0x90,0xC7,0xCC,0x12,0xB9,0x87,0x86,0x39,
- 0x1E,0x1A,0xCE,0xF7,0x3F,0x15,0xB5,0x2B
-};
-static unsigned char dh2048_p[]={
- 0xF2,0x4A,0xFC,0x7E,0x73,0x48,0x21,0x03,0xD1,0x1D,0xA8,0x16,
- 0x87,0xD0,0xD2,0xDC,0x42,0xA8,0xD2,0x73,0xE3,0xA9,0x21,0x31,
- 0x70,0x5D,0x69,0xC7,0x8F,0x95,0x0C,0x9F,0xB8,0x0E,0x37,0xAE,
- 0xD1,0x6F,0x36,0x1C,0x26,0x63,0x2A,0x36,0xBA,0x0D,0x2A,0xF5,
- 0x1A,0x0F,0xE8,0xC0,0xEA,0xD1,0xB5,0x52,0x47,0x1F,0x9A,0x0C,
- 0x0F,0xED,0x71,0x51,0xED,0xE6,0x62,0xD5,0xF8,0x81,0x93,0x55,
- 0xC1,0x0F,0xB4,0x72,0x64,0xB3,0x73,0xAA,0x90,0x9A,0x81,0xCE,
- 0x03,0xFD,0x6D,0xB1,0x27,0x7D,0xE9,0x90,0x5E,0xE2,0x10,0x74,
- 0x4F,0x94,0xC3,0x05,0x21,0x73,0xA9,0x12,0x06,0x9B,0x0E,0x20,
- 0xD1,0x5F,0xF7,0xC9,0x4C,0x9D,0x4F,0xFA,0xCA,0x4D,0xFD,0xFF,
- 0x6A,0x62,0x9F,0xF0,0x0F,0x3B,0xA9,0x1D,0xF2,0x69,0x29,0x00,
- 0xBD,0xE9,0xB0,0x9D,0x88,0xC7,0x4A,0xAE,0xB0,0x53,0xAC,0xA2,
- 0x27,0x40,0x88,0x58,0x8F,0x26,0xB2,0xC2,0x34,0x7D,0xA2,0xCF,
- 0x92,0x60,0x9B,0x35,0xF6,0xF3,0x3B,0xC3,0xAA,0xD8,0x58,0x9C,
- 0xCF,0x5D,0x9F,0xDB,0x14,0x93,0xFA,0xA3,0xFA,0x44,0xB1,0xB2,
- 0x4B,0x0F,0x08,0x70,0x44,0x71,0x3A,0x73,0x45,0x8E,0x6D,0x9C,
- 0x56,0xBC,0x9A,0xB5,0xB1,0x3D,0x8B,0x1F,0x1E,0x2B,0x0E,0x93,
- 0xC2,0x9B,0x84,0xE2,0xE8,0xFC,0x29,0x85,0x83,0x8D,0x2E,0x5C,
- 0xDD,0x9A,0xBB,0xFD,0xF0,0x87,0xBF,0xAF,0xC4,0xB6,0x1D,0xE7,
- 0xF9,0x46,0x50,0x7F,0xC3,0xAC,0xFD,0xC9,0x8C,0x9D,0x66,0x6B,
- 0x4C,0x6A,0xC9,0x3F,0x0C,0x0A,0x74,0x94,0x41,0x85,0x26,0x8F,
- 0x9F,0xF0,0x7C,0x0B
-};
-static unsigned char dh4096_p[] = {
- 0x8D,0xD3,0x8F,0x77,0x6F,0x6F,0xB0,0x74,0x3F,0x22,0xE9,0xD1,
- 0x17,0x15,0x69,0xD8,0x24,0x85,0xCD,0xC4,0xE4,0x0E,0xF6,0x52,
- 0x40,0xF7,0x1C,0x34,0xD0,0xA5,0x20,0x77,0xE2,0xFC,0x7D,0xA1,
- 0x82,0xF1,0xF3,0x78,0x95,0x05,0x5B,0xB8,0xDB,0xB3,0xE4,0x17,
- 0x93,0xD6,0x68,0xA7,0x0A,0x0C,0xC5,0xBB,0x9C,0x5E,0x1E,0x83,
- 0x72,0xB3,0x12,0x81,0xA2,0xF5,0xCD,0x44,0x67,0xAA,0xE8,0xAD,
- 0x1E,0x8F,0x26,0x25,0xF2,0x8A,0xA0,0xA5,0xF4,0xFB,0x95,0xAE,
- 0x06,0x50,0x4B,0xD0,0xE7,0x0C,0x55,0x88,0xAA,0xE6,0xB8,0xF6,
- 0xE9,0x2F,0x8D,0xA7,0xAD,0x84,0xBC,0x8D,0x4C,0xFE,0x76,0x60,
- 0xCD,0xC8,0xED,0x7C,0xBF,0xF3,0xC1,0xF8,0x6A,0xED,0xEC,0xE9,
- 0x13,0x7D,0x4E,0x72,0x20,0x77,0x06,0xA4,0x12,0xF8,0xD2,0x34,
- 0x6F,0xDC,0x97,0xAB,0xD3,0xA0,0x45,0x8E,0x7D,0x21,0xA9,0x35,
- 0x6E,0xE4,0xC9,0xC4,0x53,0xFF,0xE5,0xD9,0x72,0x61,0xC4,0x8A,
- 0x75,0x78,0x36,0x97,0x1A,0xAB,0x92,0x85,0x74,0x61,0x7B,0xE0,
- 0x92,0xB8,0xC6,0x12,0xA1,0x72,0xBB,0x5B,0x61,0xAA,0xE6,0x2C,
- 0x2D,0x9F,0x45,0x79,0x9E,0xF4,0x41,0x93,0x93,0xEF,0x8B,0xEF,
- 0xB7,0xBF,0x6D,0xF0,0x91,0x11,0x4F,0x7C,0x71,0x84,0xB5,0x88,
- 0xA3,0x8C,0x1A,0xD5,0xD0,0x81,0x9C,0x50,0xAC,0xA9,0x2B,0xE9,
- 0x92,0x2D,0x73,0x7C,0x0A,0xA3,0xFA,0xD3,0x6C,0x91,0x43,0xA6,
- 0x80,0x7F,0xD7,0xC4,0xD8,0x6F,0x85,0xF8,0x15,0xFD,0x08,0xA6,
- 0xF8,0x7B,0x3A,0xF4,0xD3,0x50,0xB4,0x2F,0x75,0xC8,0x48,0xB8,
- 0xA8,0xFD,0xCA,0x8F,0x62,0xF1,0x4C,0x89,0xB7,0x18,0x67,0xB2,
- 0x93,0x2C,0xC4,0xD4,0x71,0x29,0xA9,0x26,0x20,0xED,0x65,0x37,
- 0x06,0x87,0xFC,0xFB,0x65,0x02,0x1B,0x3C,0x52,0x03,0xA1,0xBB,
- 0xCF,0xE7,0x1B,0xA4,0x1A,0xE3,0x94,0x97,0x66,0x06,0xBF,0xA9,
- 0xCE,0x1B,0x07,0x10,0xBA,0xF8,0xD4,0xD4,0x05,0xCF,0x53,0x47,
- 0x16,0x2C,0xA1,0xFC,0x6B,0xEF,0xF8,0x6C,0x23,0x34,0xEF,0xB7,
- 0xD3,0x3F,0xC2,0x42,0x5C,0x53,0x9A,0x00,0x52,0xCF,0xAC,0x42,
- 0xD3,0x3B,0x2E,0xB6,0x04,0x32,0xE1,0x09,0xED,0x64,0xCD,0x6A,
- 0x63,0x58,0xB8,0x43,0x56,0x5A,0xBE,0xA4,0x9F,0x68,0xD4,0xF7,
- 0xC9,0x04,0xDF,0xCD,0xE5,0x93,0xB0,0x2F,0x06,0x19,0x3E,0xB8,
- 0xAB,0x7E,0xF8,0xE7,0xE7,0xC8,0x53,0xA2,0x06,0xC3,0xC7,0xF9,
- 0x18,0x3B,0x51,0xC3,0x9B,0xFF,0x8F,0x00,0x0E,0x87,0x19,0x68,
- 0x2F,0x40,0xC0,0x68,0xFA,0x12,0xAE,0x57,0xB5,0xF0,0x97,0xCA,
- 0x78,0x23,0x31,0xAB,0x67,0x7B,0x10,0x6B,0x59,0x32,0x9C,0x64,
- 0x20,0x38,0x1F,0xC5,0x07,0x84,0x9E,0xC4,0x49,0xB1,0xDF,0xED,
- 0x7A,0x8A,0xC3,0xE0,0xDD,0x30,0x55,0xFF,0x95,0x45,0xA6,0xEE,
- 0xCB,0xE4,0x26,0xB9,0x8E,0x89,0x37,0x63,0xD4,0x02,0x3D,0x5B,
- 0x4F,0xE5,0x90,0xF6,0x72,0xF8,0x10,0xEE,0x31,0x04,0x54,0x17,
- 0xE3,0xD5,0x63,0x84,0x80,0x62,0x54,0x46,0x85,0x6C,0xD2,0xC1,
- 0x3E,0x19,0xBD,0xE2,0x80,0x11,0x86,0xC7,0x4B,0x7F,0x67,0x86,
- 0x47,0xD2,0x38,0xCD,0x8F,0xFE,0x65,0x3C,0x11,0xCD,0x96,0x99,
- 0x4E,0x45,0xEB,0xEC,0x1D,0x94,0x8C,0x53,
-};
-static unsigned char dhxxx2_g[]={
- 0x02
-};
-
-static DH *get_dh(int idx)
-{
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(OPENSSL_USE_DEPRECATED)
- DH *dh;
-
- if ((dh = DH_new()) == NULL)
- return NULL;
- switch (idx) {
- case SSL_TMP_KEY_DH_512:
- dh->p = BN_bin2bn(dh0512_p, sizeof(dh0512_p), NULL);
- break;
- case SSL_TMP_KEY_DH_1024:
- dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
- break;
- case SSL_TMP_KEY_DH_2048:
- dh->p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
- break;
- case SSL_TMP_KEY_DH_4096:
- dh->p = BN_bin2bn(dh4096_p, sizeof(dh2048_p), NULL);
- break;
- }
- dh->g = BN_bin2bn(dhxxx2_g, sizeof(dhxxx2_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL)) {
- DH_free(dh);
- return NULL;
- }
- else
- return dh;
-#else
- return NULL;
-#endif
-}
-
-DH *SSL_dh_get_tmp_param(int key_len)
-{
- DH *dh;
-
- if (key_len == 512)
- dh = get_dh(SSL_TMP_KEY_DH_512);
- else if (key_len == 1024)
- dh = get_dh(SSL_TMP_KEY_DH_1024);
- else if (key_len == 2048)
- dh = get_dh(SSL_TMP_KEY_DH_2048);
- else if (key_len == 4096)
- dh = get_dh(SSL_TMP_KEY_DH_4096);
- else
- dh = get_dh(SSL_TMP_KEY_DH_1024);
- return dh;
-}
-
-DH *SSL_dh_get_param_from_file(const char *file)
+/* _________________________________________________________________
+**
+** Custom (EC)DH parameter support
+** _________________________________________________________________
+*/
+DH *SSL_dh_GetParamFromFile(const char *file)
{
DH *dh = NULL;
BIO *bio;
@@ -311,98 +172,44 @@ DH *SSL_dh_get_param_from_file(const cha
return dh;
}
-/*
- * Handle out temporary RSA private keys on demand
- *
- * The background of this as the TLSv1 standard explains it:
- *
- * | D.1. Temporary RSA keys
- * |
- * | US Export restrictions limit RSA keys used for encryption to 512
- * | bits, but do not place any limit on lengths of RSA keys used for
- * | signing operations. Certificates often need to be larger than 512
- * | bits, since 512-bit RSA keys are not secure enough for high-value
- * | transactions or for applications requiring long-term security. Some
- * | certificates are also designated signing-only, in which case they
- * | cannot be used for key exchange.
- * |
- * | When the public key in the certificate cannot be used for encryption,
- * | the server signs a temporary RSA key, which is then exchanged. In
- * | exportable applications, the temporary RSA key should be the maximum
- * | allowable length (i.e., 512 bits). Because 512-bit RSA keys are
- * | relatively insecure, they should be changed often. For typical
- * | electronic commerce applications, it is suggested that keys be
- * | changed daily or every 500 transactions, and more often if possible.
- * | Note that while it is acceptable to use the same temporary key for
- * | multiple transactions, it must be signed each time it is used.
- * |
- * | RSA key generation is a time-consuming process. In many cases, a
- * | low-priority process can be assigned the task of key generation.
- * | Whenever a new key is completed, the existing temporary key can be
- * | replaced with the new one.
- *
- * XXX: base on comment above, if thread support is enabled,
- * we should spawn a low-priority thread to generate new keys
- * on the fly.
- *
- * So we generated 512 and 1024 bit temporary keys on startup
- * which we now just hand out on demand....
- */
-
-RSA *SSL_callback_tmp_RSA(SSL *ssl, int export, int keylen)
+#ifdef HAVE_ECC
+EC_GROUP *SSL_ec_GetParamFromFile(const char *file)
{
- int idx;
-
- /* doesn't matter if export flag is on,
- * we won't be asked for keylen > 512 in that case.
- * if we are asked for a keylen > 1024, it is too expensive
- * to generate on the fly.
- */
+ EC_GROUP *group = NULL;
+ BIO *bio;
- switch (keylen) {
- case 512:
- idx = SSL_TMP_KEY_RSA_512;
- break;
- case 2048:
- idx = SSL_TMP_KEY_RSA_2048;
- if (SSL_temp_keys[idx] == NULL)
- idx = SSL_TMP_KEY_RSA_1024;
- break;
- case 4096:
- idx = SSL_TMP_KEY_RSA_4096;
- if (SSL_temp_keys[idx] == NULL)
- idx = SSL_TMP_KEY_RSA_2048;
- break;
- case 1024:
- default:
- idx = SSL_TMP_KEY_RSA_1024;
- break;
- }
- return (RSA *)SSL_temp_keys[idx];
+ if ((bio = BIO_new_file(file, "r")) == NULL)
+ return NULL;
+ group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+ return (group);
}
+#endif
/*
- * Hand out the already generated DH parameters...
+ * Hand out standard DH parameters, based on the authentication strength
*/
DH *SSL_callback_tmp_DH(SSL *ssl, int export, int keylen)
{
- int idx;
- switch (keylen) {
- case 512:
- idx = SSL_TMP_KEY_DH_512;
- break;
- case 2048:
- idx = SSL_TMP_KEY_DH_2048;
- break;
- case 4096:
- idx = SSL_TMP_KEY_DH_4096;
- break;
- case 1024:
- default:
- idx = SSL_TMP_KEY_DH_1024;
- break;
+ EVP_PKEY *pkey = SSL_get_privatekey(ssl);
+ int type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
+
+ /*
+ * OpenSSL will call us with either keylen == 512 or keylen == 1024
+ * (see the definition of SSL_EXPORT_PKEYLENGTH in ssl_locl.h).
+ * Adjust the DH parameter length according to the size of the
+ * RSA/DSA private key used for the current connection, and always
+ * use at least 1024-bit parameters.
+ * Note: This may cause interoperability issues with implementations
+ * which limit their DH support to 1024 bit - e.g. Java 7 and earlier.
+ * In this case, SSLCertificateFile can be used to specify fixed
+ * 1024-bit DH parameters (with the effect that OpenSSL skips this
+ * callback).
+ */
+ if ((type == EVP_PKEY_RSA) || (type == EVP_PKEY_DSA)) {
+ keylen = EVP_PKEY_bits(pkey);
}
- return (DH *)SSL_temp_keys[idx];
+ return SSL_get_dh_params(keylen);
}
/*
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
