git.librecmc.org Git - oweals/openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Thu, 17 Dec 2015 02:57:20 +0000 (02:57 +0000)
committer	Matt Caswell <matt@openssl.org>
	Thu, 28 Jan 2016 10:27:55 +0000 (10:27 +0000)
commit	8bc643efc89cbcfba17369801cf4eeca037b6cc1
tree	2051e9ed375f87527eb046d57b5fd3d052f5c9dc	tree \| snapshot
parent	126ac21c80967ec00f802d356462c1b83fa0f54c	commit \| diff

Always generate DH keys for ephemeral DH cipher suites

Modified version of the commit ffaef3f15 in the master branch by Stephen
Henson. This makes the SSL_OP_SINGLE_DH_USE option a no-op and always
generates a new DH key for every handshake regardless.

This is a follow on from CVE-2016-0701. This branch is not impacted by
that CVE because it does not support X9.42 style parameters. It is still
possible to generate parameters based on primes that are not "safe",
although by default OpenSSL does not do this. The documentation does
sign post that using such parameters is unsafe if the private DH key is
reused. However to avoid accidental problems or future attacks this commit
has been backported to this branch.

Issue reported by Antonio Sanso

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

doc/ssl/SSL_CTX_set_tmp_dh_callback.pod		diff \| blob \| history
ssl/s3_lib.c		diff \| blob \| history
ssl/s3_srvr.c		diff \| blob \| history
ssl/ssl.h		diff \| blob \| history