Remove optimisation for known DH groups.
Since we are eliminating DHE support in TLS, this is just a waste of bytes. Change-Id: I3a23ece564e43f7e8874d1ec797def132ba59504 Reviewed-on: https://boringssl-review.googlesource.com/10260 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
parent
881f196075
commit
37b486aade
@ -58,8 +58,6 @@
|
|||||||
|
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
|
|
||||||
#include "internal.h"
|
|
||||||
|
|
||||||
|
|
||||||
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) {
|
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) {
|
||||||
*ret = 0;
|
*ret = 0;
|
||||||
|
@ -65,7 +65,6 @@
|
|||||||
#include <openssl/mem.h>
|
#include <openssl/mem.h>
|
||||||
#include <openssl/thread.h>
|
#include <openssl/thread.h>
|
||||||
|
|
||||||
#include "internal.h"
|
|
||||||
#include "../internal.h"
|
#include "../internal.h"
|
||||||
|
|
||||||
|
|
||||||
@ -303,7 +302,6 @@ int DH_generate_key(DH *dh) {
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/* secret exponent length */
|
/* secret exponent length */
|
||||||
DH_check_standard_parameters(dh);
|
|
||||||
l = dh->priv_length ? dh->priv_length : BN_num_bits(dh->p) - 1;
|
l = dh->priv_length ? dh->priv_length : BN_num_bits(dh->p) - 1;
|
||||||
if (!BN_rand(priv_key, l, 0, 0)) {
|
if (!BN_rand(priv_key, l, 0, 0)) {
|
||||||
goto err;
|
goto err;
|
||||||
|
@ -67,7 +67,6 @@
|
|||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include <openssl/mem.h>
|
#include <openssl/mem.h>
|
||||||
|
|
||||||
#include "internal.h"
|
|
||||||
#include "../test/scoped_types.h"
|
#include "../test/scoped_types.h"
|
||||||
|
|
||||||
namespace bssl {
|
namespace bssl {
|
||||||
|
@ -1,80 +0,0 @@
|
|||||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|
||||||
* All rights reserved.
|
|
||||||
*
|
|
||||||
* This package is an SSL implementation written
|
|
||||||
* by Eric Young (eay@cryptsoft.com).
|
|
||||||
* The implementation was written so as to conform with Netscapes SSL.
|
|
||||||
*
|
|
||||||
* This library is free for commercial and non-commercial use as long as
|
|
||||||
* the following conditions are aheared to. The following conditions
|
|
||||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
|
||||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
|
||||||
* included with this distribution is covered by the same copyright terms
|
|
||||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
|
||||||
*
|
|
||||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
|
||||||
* the code are not to be removed.
|
|
||||||
* If this package is used in a product, Eric Young should be given attribution
|
|
||||||
* as the author of the parts of the library used.
|
|
||||||
* This can be in the form of a textual message at program startup or
|
|
||||||
* in documentation (online or textual) provided with the package.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
* 1. Redistributions of source code must retain the copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* 2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in the
|
|
||||||
* documentation and/or other materials provided with the distribution.
|
|
||||||
* 3. All advertising materials mentioning features or use of this software
|
|
||||||
* must display the following acknowledgement:
|
|
||||||
* "This product includes cryptographic software written by
|
|
||||||
* Eric Young (eay@cryptsoft.com)"
|
|
||||||
* The word 'cryptographic' can be left out if the rouines from the library
|
|
||||||
* being used are not cryptographic related :-).
|
|
||||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
|
||||||
* the apps directory (application code) you must include an acknowledgement:
|
|
||||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
|
||||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
||||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
||||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
||||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
||||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
||||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
||||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
||||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
||||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
||||||
* SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
* The licence and distribution terms for any publically available version or
|
|
||||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
|
||||||
* copied and put under another distribution licence
|
|
||||||
* [including the GNU Public Licence.] */
|
|
||||||
|
|
||||||
#ifndef OPENSSL_HEADER_DH_INTERNAL_H
|
|
||||||
#define OPENSSL_HEADER_DH_INTERNAL_H
|
|
||||||
|
|
||||||
#include <openssl/base.h>
|
|
||||||
|
|
||||||
#include <openssl/bn.h>
|
|
||||||
#include <openssl/ex_data.h>
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
/* DH_check_standard_parameters checks if the parameters in |dh| are well
|
|
||||||
* known and safe. If so, it sets |dh->priv_length| to an appropriately smaller
|
|
||||||
* value than the default. */
|
|
||||||
void DH_check_standard_parameters(DH *dh);
|
|
||||||
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
|
||||||
} /* extern C */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif /* OPENSSL_HEADER_DH_INTERNAL_H */
|
|
@ -54,7 +54,6 @@
|
|||||||
|
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
|
|
||||||
#include "internal.h"
|
|
||||||
#include "../bn/internal.h"
|
#include "../bn/internal.h"
|
||||||
|
|
||||||
|
|
||||||
@ -166,58 +165,6 @@ static const BN_ULONG dh2048_256_q[] = {
|
|||||||
TOBN(0xB4479976, 0x40129DA2), TOBN(0x8CF83642, 0xA709A097),
|
TOBN(0xB4479976, 0x40129DA2), TOBN(0x8CF83642, 0xA709A097),
|
||||||
};
|
};
|
||||||
|
|
||||||
/* dh1024_safe_prime_1 is hard-coded in Apache httpd 2.2,
|
|
||||||
* modules/ssl/ssl_engine_dh.c. */
|
|
||||||
static const BN_ULONG dh1024_safe_prime_1[] = {
|
|
||||||
TOBN(0xE7393E0F, 0x24218EB3), TOBN(0x7DE0F4D6, 0xE2BD68B0),
|
|
||||||
TOBN(0x07DD62DB, 0x88AEAA74), TOBN(0x10EA9FCC, 0x9DDD3305),
|
|
||||||
TOBN(0xA7DBCA78, 0x74087D15), TOBN(0xDAE88600, 0x78045B07),
|
|
||||||
TOBN(0x33168A46, 0x1AAD3B72), TOBN(0xFF590137, 0x7BEDDCFD),
|
|
||||||
TOBN(0xFE324A46, 0x7A635E81), TOBN(0x5AC179BA, 0x420B2A29),
|
|
||||||
TOBN(0x13B4B4D7, 0x177E16D5), TOBN(0x849F912E, 0x639C72FB),
|
|
||||||
TOBN(0xB88174CB, 0x98BCE951), TOBN(0x0C84D239, 0xA45F520B),
|
|
||||||
TOBN(0x36D693D3, 0x4AFD0AD5), TOBN(0xD67DE440, 0xCBBBDC19),
|
|
||||||
};
|
|
||||||
|
|
||||||
/* dh1024_safe_prime_2 is hard-coded in nginx,
|
|
||||||
* src/event/ngx_event_openssl.c. */
|
|
||||||
static const BN_ULONG dh1024_safe_prime_2[] = {
|
|
||||||
TOBN(0x071DF045, 0xCFE16B9B), TOBN(0x88D0F65D, 0x146757DA),
|
|
||||||
TOBN(0x4A63AB1E, 0x58FAFD49), TOBN(0x35D8CECE, 0xEF9EA027),
|
|
||||||
TOBN(0x25ECE662, 0x70CC9A50), TOBN(0xF29BA5DF, 0x81DC2CA7),
|
|
||||||
TOBN(0x8F68B076, 0xF7D36CC8), TOBN(0x60E91A92, 0xA757E304),
|
|
||||||
TOBN(0x87A2BC04, 0x9BE67780), TOBN(0xBEECA565, 0xA5FDF1D2),
|
|
||||||
TOBN(0x5CCBBAA8, 0x922614C5), TOBN(0x6C030276, 0xE710800C),
|
|
||||||
TOBN(0x08EED4EB, 0x0FB3504C), TOBN(0xD958A3F5, 0x68B42D4B),
|
|
||||||
TOBN(0x7C43FCF5, 0x80E9CFDB), TOBN(0xBBBC2DCA, 0xD8467490),
|
|
||||||
};
|
|
||||||
|
|
||||||
/* dh1024_safe_prime_3 is offered as a parameter by several high-traffic sites,
|
|
||||||
* including mozilla.org, as of Jan 2015. */
|
|
||||||
static const BN_ULONG dh1024_safe_prime_3[] = {
|
|
||||||
TOBN(0x671746AE, 0x349E721B), TOBN(0x258A0655, 0xD75E93B2),
|
|
||||||
TOBN(0xD425E6FB, 0x25592EB6), TOBN(0x0C46AB04, 0xBF7CDD9A),
|
|
||||||
TOBN(0x0AD0BC99, 0x28968680), TOBN(0xF53907FB, 0xD0B7EB49),
|
|
||||||
TOBN(0x202EABB3, 0xEBC85C1D), TOBN(0x3129C693, 0x364D8C71),
|
|
||||||
TOBN(0x53728351, 0x2D46F195), TOBN(0xDF326DD6, 0x8C76CC85),
|
|
||||||
TOBN(0xF898B3F9, 0x9188E24E), TOBN(0x95EFB13C, 0x2855DFD2),
|
|
||||||
TOBN(0x1F5DAC48, 0x7B2241FE), TOBN(0x117B6BF7, 0x99A13D9F),
|
|
||||||
TOBN(0x0F97CDDA, 0x3A3468C7), TOBN(0xC9BBF5F7, 0x74A8297B)};
|
|
||||||
|
|
||||||
/* dh1024_safe_prime_4 is hard-coded in Apache httpd 2.0,
|
|
||||||
* modules/ssl/ssl_engine_dh.c. */
|
|
||||||
static const BN_ULONG dh1024_safe_prime_4[] = {
|
|
||||||
TOBN(0x5085E21F, 0x0DD5C86B), TOBN(0x871538DF, 0xD823C650),
|
|
||||||
TOBN(0x125136F7, 0x262E56A8), TOBN(0x974E9EF1, 0x839EB5DB),
|
|
||||||
TOBN(0xEA9BAD99, 0x1B13A63C), TOBN(0x6044CF02, 0x3D76E05E),
|
|
||||||
TOBN(0x611EBBBE, 0x1BAC9B5C), TOBN(0x3E371D79, 0x4E5327DF),
|
|
||||||
TOBN(0x000E6EDD, 0x061CBC05), TOBN(0x2F971F3C, 0x20129B48),
|
|
||||||
TOBN(0xA6EF09C4, 0x3048D5A2), TOBN(0xFA15A259, 0xCBD523A6),
|
|
||||||
TOBN(0x2A206490, 0x4A79A770), TOBN(0x91B78182, 0x51BB055E),
|
|
||||||
TOBN(0x7CF180C3, 0xBDD4798E), TOBN(0xE6969D3D, 0x495BE32C)};
|
|
||||||
|
|
||||||
static const BN_ULONG bn_two_data[] = {2};
|
|
||||||
|
|
||||||
struct standard_parameters {
|
struct standard_parameters {
|
||||||
BIGNUM p, q, g;
|
BIGNUM p, q, g;
|
||||||
};
|
};
|
||||||
@ -240,15 +187,6 @@ static const struct standard_parameters dh2048_256 = {
|
|||||||
STATIC_BIGNUM(dh2048_256_g),
|
STATIC_BIGNUM(dh2048_256_g),
|
||||||
};
|
};
|
||||||
|
|
||||||
static const BIGNUM dh1024_safe_prime[] = {
|
|
||||||
STATIC_BIGNUM(dh1024_safe_prime_1),
|
|
||||||
STATIC_BIGNUM(dh1024_safe_prime_2),
|
|
||||||
STATIC_BIGNUM(dh1024_safe_prime_3),
|
|
||||||
STATIC_BIGNUM(dh1024_safe_prime_4)
|
|
||||||
};
|
|
||||||
|
|
||||||
static const BIGNUM bn_two = STATIC_BIGNUM(bn_two_data);
|
|
||||||
|
|
||||||
static DH *get_standard_parameters(const struct standard_parameters *params,
|
static DH *get_standard_parameters(const struct standard_parameters *params,
|
||||||
const ENGINE *engine) {
|
const ENGINE *engine) {
|
||||||
DH *dh = DH_new();
|
DH *dh = DH_new();
|
||||||
@ -313,24 +251,3 @@ BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *ret) {
|
|||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
void DH_check_standard_parameters(DH *dh) {
|
|
||||||
unsigned i;
|
|
||||||
|
|
||||||
if (dh->p == NULL ||
|
|
||||||
dh->g == NULL ||
|
|
||||||
BN_num_bytes(dh->p) != (1024 / 8) ||
|
|
||||||
BN_cmp(dh->g, &bn_two) != 0) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
for (i = 0; i < sizeof(dh1024_safe_prime) / sizeof(dh1024_safe_prime[0]);
|
|
||||||
i++) {
|
|
||||||
if (BN_cmp(dh->p, &dh1024_safe_prime[i]) == 0) {
|
|
||||||
/* The well-known DH groups are known to have safe primes. In this case
|
|
||||||
* we can safely reduce the size of the private key. */
|
|
||||||
dh->priv_length = 161;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
@ -167,7 +167,6 @@
|
|||||||
#include <openssl/x509v3.h>
|
#include <openssl/x509v3.h>
|
||||||
|
|
||||||
#include "internal.h"
|
#include "internal.h"
|
||||||
#include "../crypto/dh/internal.h"
|
|
||||||
|
|
||||||
|
|
||||||
static int ssl3_send_client_hello(SSL *ssl);
|
static int ssl3_send_client_hello(SSL *ssl);
|
||||||
|
@ -169,7 +169,6 @@
|
|||||||
|
|
||||||
#include "internal.h"
|
#include "internal.h"
|
||||||
#include "../crypto/internal.h"
|
#include "../crypto/internal.h"
|
||||||
#include "../crypto/dh/internal.h"
|
|
||||||
|
|
||||||
|
|
||||||
static int ssl3_get_client_hello(SSL *ssl);
|
static int ssl3_get_client_hello(SSL *ssl);
|
||||||
|
@ -127,7 +127,6 @@
|
|||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
#include <openssl/x509v3.h>
|
#include <openssl/x509v3.h>
|
||||||
|
|
||||||
#include "../crypto/dh/internal.h"
|
|
||||||
#include "../crypto/internal.h"
|
#include "../crypto/internal.h"
|
||||||
#include "internal.h"
|
#include "internal.h"
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user