diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-10-23 17:09:57 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-01-06 02:06:39 +0000 |
commit | ce325c60c74b0fa784f5872404b722e120e5cab0 (patch) | |
tree | de2733f383b8000876ea6bfcebd82c8e27086112 /ssl/d1_srvr.c | |
parent | b15f8769644b00ef7283521593360b7b2135cb63 (diff) | |
download | openssl-ce325c60c74b0fa784f5872404b722e120e5cab0.tar.gz |
Only allow ephemeral RSA keys in export ciphersuites.
OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.
Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/d1_srvr.c')
-rw-r--r-- | ssl/d1_srvr.c | 21 |
1 files changed, 6 insertions, 15 deletions
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index bcadd310fd..8a5c5a1cd2 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -472,24 +472,15 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(alg_k & SSL_kKRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp=1; - else - s->s3->tmp.use_rsa_tmp=0; + /* + * clear this, it may get reset by + * send_server_key_exchange + */ + s->s3->tmp.use_rsa_tmp=0; /* only send if a DH key exchange or * RSA but we have a sign only certificate */ - if (s->s3->tmp.use_rsa_tmp + if ( /* PSK: send ServerKeyExchange if PSK identity * hint if provided */ #ifndef OPENSSL_NO_PSK |