41a6c3
# ./pullrev.sh 1542327
41a6c3
http://svn.apache.org/viewvc?view=revision&revision=1542327
41a6c3
41a6c3
--- httpd-2.4.6/LAYOUT.r1542327
41a6c3
+++ httpd-2.4.6/LAYOUT
41a6c3
@@ -108,7 +108,6 @@ modules/ ................ Manditory and
41a6c3
     mod_ssl.c ............... main source file containing API structures
41a6c3
     mod_ssl.h ............... common header file of mod_ssl
41a6c3
     ssl_engine_config.c ..... module configuration handling
41a6c3
-    ssl_engine_dh.c ......... DSA/DH support
41a6c3
     ssl_engine_init.c ....... module initialization
41a6c3
     ssl_engine_io.c ......... I/O support
41a6c3
     ssl_engine_kernel.c ..... SSL engine kernel
41a6c3
--- httpd-2.4.6/modules/ssl/config.m4.r1542327
41a6c3
+++ httpd-2.4.6/modules/ssl/config.m4
41a6c3
@@ -20,7 +20,6 @@ dnl #  list of module object files
41a6c3
 ssl_objs="dnl
41a6c3
 mod_ssl.lo dnl
41a6c3
 ssl_engine_config.lo dnl
41a6c3
-ssl_engine_dh.lo dnl
41a6c3
 ssl_engine_init.lo dnl
41a6c3
 ssl_engine_io.lo dnl
41a6c3
 ssl_engine_kernel.lo dnl
41a6c3
--- httpd-2.4.6/modules/ssl/mod_ssl.c.r1542327
41a6c3
+++ httpd-2.4.6/modules/ssl/mod_ssl.c
41a6c3
@@ -515,15 +515,6 @@ int ssl_init_ssl_connection(conn_rec *c,
41a6c3
 
41a6c3
     sslconn->ssl = ssl;
41a6c3
 
41a6c3
-    /*
41a6c3
-     *  Configure callbacks for SSL connection
41a6c3
-     */
41a6c3
-    SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA);
41a6c3
-    SSL_set_tmp_dh_callback(ssl,  ssl_callback_TmpDH);
41a6c3
-#ifndef OPENSSL_NO_EC
41a6c3
-    SSL_set_tmp_ecdh_callback(ssl, ssl_callback_TmpECDH);
41a6c3
-#endif
41a6c3
-
41a6c3
     SSL_set_verify_result(ssl, X509_V_OK);
41a6c3
 
41a6c3
     ssl_io_filter_init(c, r, ssl);
41a6c3
--- httpd-2.4.6/modules/ssl/mod_ssl.dsp.r1542327
41a6c3
+++ httpd-2.4.6/modules/ssl/mod_ssl.dsp
41a6c3
@@ -112,10 +112,6 @@ SOURCE=.\ssl_engine_config.c
41a6c3
 # End Source File
41a6c3
 # Begin Source File
41a6c3
 
41a6c3
-SOURCE=.\ssl_engine_dh.c
41a6c3
-# End Source File
41a6c3
-# Begin Source File
41a6c3
-
41a6c3
 SOURCE=.\ssl_engine_init.c
41a6c3
 # End Source File
41a6c3
 # Begin Source File
41a6c3
--- httpd-2.4.6/modules/ssl/ssl_engine_config.c.r1542327
41a6c3
+++ httpd-2.4.6/modules/ssl/ssl_engine_config.c
41a6c3
@@ -76,8 +76,6 @@ SSLModConfigRec *ssl_config_global_creat
41a6c3
     mc->stapling_mutex         = NULL;
41a6c3
 #endif
41a6c3
 
41a6c3
-    memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys));
41a6c3
-
41a6c3
     apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY,
41a6c3
                           apr_pool_cleanup_null,
41a6c3
                           pool);
41a6c3
--- httpd-2.4.6/modules/ssl/ssl_engine_dh.c.r1542327
41a6c3
+++ httpd-2.4.6/modules/ssl/ssl_engine_dh.c
41a6c3
@@ -1,244 +0,0 @@
41a6c3
-#if 0
41a6c3
-=pod
41a6c3
-#endif
41a6c3
-
41a6c3
-/* Licensed to the Apache Software Foundation (ASF) under one or more
41a6c3
- * contributor license agreements.  See the NOTICE file distributed with
41a6c3
- * this work for additional information regarding copyright ownership.
41a6c3
- * The ASF licenses this file to You under the Apache License, Version 2.0
41a6c3
- * (the "License"); you may not use this file except in compliance with
41a6c3
- * the License.  You may obtain a copy of the License at
41a6c3
- *
41a6c3
- *     http://www.apache.org/licenses/LICENSE-2.0
41a6c3
- *
41a6c3
- * Unless required by applicable law or agreed to in writing, software
41a6c3
- * distributed under the License is distributed on an "AS IS" BASIS,
41a6c3
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
41a6c3
- * See the License for the specific language governing permissions and
41a6c3
- * limitations under the License.
41a6c3
- */
41a6c3
-
41a6c3
-/*                      _             _
41a6c3
- *  _ __ ___   ___   __| |    ___ ___| |  mod_ssl
41a6c3
- * | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
41a6c3
- * | | | | | | (_) | (_| |   \__ \__ \ |
41a6c3
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
41a6c3
- *                      |_____|
41a6c3
- * ssl_engine_dh.c
41a6c3
- * Diffie-Hellman Built-in Temporary Parameters
41a6c3
- */
41a6c3
-
41a6c3
-#include "ssl_private.h"
41a6c3
-
41a6c3
-/* ----BEGIN GENERATED SECTION-------- */
41a6c3
-
41a6c3
-/*
41a6c3
-** Diffie-Hellman-Parameters: (512 bit)
41a6c3
-**     prime:
41a6c3
-**         00:9f:db:8b:8a:00:45:44:f0:04:5f:17:37:d0:ba:
41a6c3
-**         2e:0b:27:4c:df:1a:9f:58:82:18:fb:43:53:16:a1:
41a6c3
-**         6e:37:41:71:fd:19:d8:d8:f3:7c:39:bf:86:3f:d6:
41a6c3
-**         0e:3e:30:06:80:a3:03:0c:6e:4c:37:57:d0:8f:70:
41a6c3
-**         e6:aa:87:10:33
41a6c3
-**     generator: 2 (0x2)
41a6c3
-** Diffie-Hellman-Parameters: (1024 bit)
41a6c3
-**     prime:
41a6c3
-**         00:d6:7d:e4:40:cb:bb:dc:19:36:d6:93:d3:4a:fd:
41a6c3
-**         0a:d5:0c:84:d2:39:a4:5f:52:0b:b8:81:74:cb:98:
41a6c3
-**         bc:e9:51:84:9f:91:2e:63:9c:72:fb:13:b4:b4:d7:
41a6c3
-**         17:7e:16:d5:5a:c1:79:ba:42:0b:2a:29:fe:32:4a:
41a6c3
-**         46:7a:63:5e:81:ff:59:01:37:7b:ed:dc:fd:33:16:
41a6c3
-**         8a:46:1a:ad:3b:72:da:e8:86:00:78:04:5b:07:a7:
41a6c3
-**         db:ca:78:74:08:7d:15:10:ea:9f:cc:9d:dd:33:05:
41a6c3
-**         07:dd:62:db:88:ae:aa:74:7d:e0:f4:d6:e2:bd:68:
41a6c3
-**         b0:e7:39:3e:0f:24:21:8e:b3
41a6c3
-**     generator: 2 (0x2)
41a6c3
-*/
41a6c3
-
41a6c3
-static unsigned char dh512_p[] = {
41a6c3
-    0x9F, 0xDB, 0x8B, 0x8A, 0x00, 0x45, 0x44, 0xF0, 0x04, 0x5F, 0x17, 0x37,
41a6c3
-    0xD0, 0xBA, 0x2E, 0x0B, 0x27, 0x4C, 0xDF, 0x1A, 0x9F, 0x58, 0x82, 0x18,
41a6c3
-    0xFB, 0x43, 0x53, 0x16, 0xA1, 0x6E, 0x37, 0x41, 0x71, 0xFD, 0x19, 0xD8,
41a6c3
-    0xD8, 0xF3, 0x7C, 0x39, 0xBF, 0x86, 0x3F, 0xD6, 0x0E, 0x3E, 0x30, 0x06,
41a6c3
-    0x80, 0xA3, 0x03, 0x0C, 0x6E, 0x4C, 0x37, 0x57, 0xD0, 0x8F, 0x70, 0xE6,
41a6c3
-    0xAA, 0x87, 0x10, 0x33,
41a6c3
-};
41a6c3
-static unsigned char dh512_g[] = {
41a6c3
-    0x02,
41a6c3
-};
41a6c3
-
41a6c3
-static DH *get_dh512(void)
41a6c3
-{
41a6c3
-    DH *dh;
41a6c3
-
41a6c3
-    if (!(dh = DH_new())) {
41a6c3
-        return NULL;
41a6c3
-    }
41a6c3
-
41a6c3
-    dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
41a6c3
-    dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
41a6c3
-    if (!(dh->p && dh->g)) {
41a6c3
-        DH_free(dh);
41a6c3
-        return NULL;
41a6c3
-    }
41a6c3
-
41a6c3
-    return dh;
41a6c3
-}
41a6c3
-
41a6c3
-static unsigned char dh1024_p[] = {
41a6c3
-    0xD6, 0x7D, 0xE4, 0x40, 0xCB, 0xBB, 0xDC, 0x19, 0x36, 0xD6, 0x93, 0xD3,
41a6c3
-    0x4A, 0xFD, 0x0A, 0xD5, 0x0C, 0x84, 0xD2, 0x39, 0xA4, 0x5F, 0x52, 0x0B,
41a6c3
-    0xB8, 0x81, 0x74, 0xCB, 0x98, 0xBC, 0xE9, 0x51, 0x84, 0x9F, 0x91, 0x2E,
41a6c3
-    0x63, 0x9C, 0x72, 0xFB, 0x13, 0xB4, 0xB4, 0xD7, 0x17, 0x7E, 0x16, 0xD5,
41a6c3
-    0x5A, 0xC1, 0x79, 0xBA, 0x42, 0x0B, 0x2A, 0x29, 0xFE, 0x32, 0x4A, 0x46,
41a6c3
-    0x7A, 0x63, 0x5E, 0x81, 0xFF, 0x59, 0x01, 0x37, 0x7B, 0xED, 0xDC, 0xFD,
41a6c3
-    0x33, 0x16, 0x8A, 0x46, 0x1A, 0xAD, 0x3B, 0x72, 0xDA, 0xE8, 0x86, 0x00,
41a6c3
-    0x78, 0x04, 0x5B, 0x07, 0xA7, 0xDB, 0xCA, 0x78, 0x74, 0x08, 0x7D, 0x15,
41a6c3
-    0x10, 0xEA, 0x9F, 0xCC, 0x9D, 0xDD, 0x33, 0x05, 0x07, 0xDD, 0x62, 0xDB,
41a6c3
-    0x88, 0xAE, 0xAA, 0x74, 0x7D, 0xE0, 0xF4, 0xD6, 0xE2, 0xBD, 0x68, 0xB0,
41a6c3
-    0xE7, 0x39, 0x3E, 0x0F, 0x24, 0x21, 0x8E, 0xB3,
41a6c3
-};
41a6c3
-static unsigned char dh1024_g[] = {
41a6c3
-    0x02,
41a6c3
-};
41a6c3
-
41a6c3
-static DH *get_dh1024(void)
41a6c3
-{
41a6c3
-    DH *dh;
41a6c3
-
41a6c3
-    if (!(dh = DH_new())) {
41a6c3
-        return NULL;
41a6c3
-    }
41a6c3
-
41a6c3
-    dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
41a6c3
-    dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
41a6c3
-    if (!(dh->p && dh->g)) {
41a6c3
-        DH_free(dh);
41a6c3
-        return NULL;
41a6c3
-    }
41a6c3
-
41a6c3
-    return dh;
41a6c3
-}
41a6c3
-
41a6c3
-/* ----END GENERATED SECTION---------- */
41a6c3
-
41a6c3
-DH *ssl_dh_GetTmpParam(int nKeyLen)
41a6c3
-{
41a6c3
-    DH *dh;
41a6c3
-
41a6c3
-    if (nKeyLen == 512)
41a6c3
-        dh = get_dh512();
41a6c3
-    else if (nKeyLen == 1024)
41a6c3
-        dh = get_dh1024();
41a6c3
-    else
41a6c3
-        dh = get_dh1024();
41a6c3
-    return dh;
41a6c3
-}
41a6c3
-
41a6c3
-DH *ssl_dh_GetParamFromFile(char *file)
41a6c3
-{
41a6c3
-    DH *dh = NULL;
41a6c3
-    BIO *bio;
41a6c3
-
41a6c3
-    if ((bio = BIO_new_file(file, "r")) == NULL)
41a6c3
-        return NULL;
41a6c3
-    dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
41a6c3
-    BIO_free(bio);
41a6c3
-    return (dh);
41a6c3
-}
41a6c3
-
41a6c3
-/*
41a6c3
-=cut
41a6c3
-##
41a6c3
-##  Embedded Perl script for generating the temporary DH parameters
41a6c3
-##
41a6c3
-
41a6c3
-require 5.003;
41a6c3
-use strict;
41a6c3
-
41a6c3
-#   configuration
41a6c3
-my $file  = $0;
41a6c3
-my $begin = '----BEGIN GENERATED SECTION--------';
41a6c3
-my $end   = '----END GENERATED SECTION----------';
41a6c3
-
41a6c3
-#   read ourself and keep a backup
41a6c3
-open(FP, "<$file") || die;
41a6c3
-my $source = '';
41a6c3
-$source .= $_ while (<FP>);
41a6c3
-close(FP);
41a6c3
-open(FP, ">$file.bak") || die;
41a6c3
-print FP $source;
41a6c3
-close(FP);
41a6c3
-
41a6c3
-#   generate the DH parameters
41a6c3
-print "1. Generate 512 and 1024 bit Diffie-Hellman parameters (p, g)\n";
41a6c3
-my $rand = '';
41a6c3
-foreach $file (qw(/var/log/messages /var/adm/messages
41a6c3
-                  /kernel /vmunix /vmlinuz /etc/hosts /etc/resolv.conf)) {
41a6c3
-    if (-f $file) {
41a6c3
-        $rand = $file     if ($rand eq '');
41a6c3
-        $rand .= ":$file" if ($rand ne '');
41a6c3
-    }
41a6c3
-}
41a6c3
-$rand = "-rand $rand" if ($rand ne '');
41a6c3
-system("openssl gendh $rand -out dh512.pem 512");
41a6c3
-system("openssl gendh $rand -out dh1024.pem 1024");
41a6c3
-
41a6c3
-#   generate DH param info
41a6c3
-my $dhinfo = '';
41a6c3
-open(FP, "openssl dh -noout -text -in dh512.pem |") || die;
41a6c3
-$dhinfo .= $_ while (<FP>);
41a6c3
-close(FP);
41a6c3
-open(FP, "openssl dh -noout -text -in dh1024.pem |") || die;
41a6c3
-$dhinfo .= $_ while (<FP>);
41a6c3
-close(FP);
41a6c3
-$dhinfo =~ s|^|** |mg;
41a6c3
-$dhinfo = "\n\/\*\n$dhinfo\*\/\n\n";
41a6c3
-
41a6c3
-my $indent_args = "-i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1";
41a6c3
-
41a6c3
-#   generate C source from DH params
41a6c3
-my $dhsource = '';
41a6c3
-open(FP, "openssl dh -noout -C -in dh512.pem | indent $indent_args | expand |") || die;
41a6c3
-$dhsource .= $_ while (<FP>);
41a6c3
-close(FP);
41a6c3
-open(FP, "openssl dh -noout -C -in dh1024.pem | indent $indent_args | expand |") || die;
41a6c3
-$dhsource .= $_ while (<FP>);
41a6c3
-close(FP);
41a6c3
-$dhsource =~ s|(DH\s+\*get_dh)(\d+)[^}]*\n}|static $1$2(void)
41a6c3
-{
41a6c3
-    DH *dh;
41a6c3
-
41a6c3
-    if (!(dh = DH_new())) {
41a6c3
-        return NULL;
41a6c3
-    }
41a6c3
-
41a6c3
-    dh->p = BN_bin2bn(dh$2_p, sizeof(dh$2_p), NULL);
41a6c3
-    dh->g = BN_bin2bn(dh$2_g, sizeof(dh$2_g), NULL);
41a6c3
-    if (!(dh->p && dh->g)) {
41a6c3
-        DH_free(dh);
41a6c3
-        return NULL;
41a6c3
-    }
41a6c3
-
41a6c3
-    return dh;
41a6c3
-}
41a6c3
-|sg;
41a6c3
-
41a6c3
-#   generate output
41a6c3
-my $o = $dhinfo . $dhsource;
41a6c3
-
41a6c3
-#   insert the generated code at the target location
41a6c3
-$source =~ s|(\/\* $begin.+?\n).*\n(.*?\/\* $end)|$1$o$2|s;
41a6c3
-
41a6c3
-#   and update the source on disk
41a6c3
-print "Updating file `$file'\n";
41a6c3
-open(FP, ">$file") || die;
41a6c3
-print FP $source;
41a6c3
-close(FP);
41a6c3
-
41a6c3
-#   cleanup
41a6c3
-unlink("dh512.pem");
41a6c3
-unlink("dh1024.pem");
41a6c3
-
41a6c3
-=pod
41a6c3
-*/
41a6c3
--- httpd-2.4.6/modules/ssl/ssl_engine_init.c.r1542327
41a6c3
+++ httpd-2.4.6/modules/ssl/ssl_engine_init.c
41a6c3
@@ -56,180 +56,6 @@ static void ssl_add_version_components(a
41a6c3
                  modver, AP_SERVER_BASEVERSION, incver);
41a6c3
 }
41a6c3
 
41a6c3
-
41a6c3
-/*
41a6c3
- * Handle the Temporary RSA Keys and DH Params
41a6c3
- */
41a6c3
-
41a6c3
-#define MODSSL_TMP_KEY_FREE(mc, type, idx) \
41a6c3
-    if (mc->pTmpKeys[idx]) { \
41a6c3
-        type##_free((type *)mc->pTmpKeys[idx]); \
41a6c3
-        mc->pTmpKeys[idx] = NULL; \
41a6c3
-    }
41a6c3
-
41a6c3
-#define MODSSL_TMP_KEYS_FREE(mc, type) \
41a6c3
-    MODSSL_TMP_KEY_FREE(mc, type, SSL_TMP_KEY_##type##_512); \
41a6c3
-    MODSSL_TMP_KEY_FREE(mc, type, SSL_TMP_KEY_##type##_1024)
41a6c3
-
41a6c3
-static void ssl_tmp_keys_free(server_rec *s)
41a6c3
-{
41a6c3
-    SSLModConfigRec *mc = myModConfig(s);
41a6c3
-
41a6c3
-    MODSSL_TMP_KEYS_FREE(mc, RSA);
41a6c3
-    MODSSL_TMP_KEYS_FREE(mc, DH);
41a6c3
-#ifndef OPENSSL_NO_EC
41a6c3
-    MODSSL_TMP_KEY_FREE(mc, EC_KEY, SSL_TMP_KEY_EC_256);
41a6c3
-#endif
41a6c3
-}
41a6c3
-
41a6c3
-static int ssl_tmp_key_init_rsa(server_rec *s,
41a6c3
-                                int bits, int idx)
41a6c3
-{
41a6c3
-    SSLModConfigRec *mc = myModConfig(s);
41a6c3
-
41a6c3
-#ifdef HAVE_FIPS
41a6c3
-
41a6c3
-    if (FIPS_mode() && bits < 1024) {
41a6c3
-        mc->pTmpKeys[idx] = NULL;
41a6c3
-        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01877)
41a6c3
-                     "Init: Skipping generating temporary "
41a6c3
-                     "%d bit RSA private key in FIPS mode", bits);
41a6c3
-        return OK;
41a6c3
-    }
41a6c3
-
41a6c3
-#endif
41a6c3
-#ifdef HAVE_GENERATE_EX
41a6c3
-    {
41a6c3
-        RSA *tkey;
41a6c3
-        BIGNUM *bn_f4;
41a6c3
-        if (!(tkey = RSA_new())
41a6c3
-          || !(bn_f4 = BN_new())
41a6c3
-          || !BN_set_word(bn_f4, RSA_F4)
41a6c3
-          || !RSA_generate_key_ex(tkey, bits, bn_f4, NULL))
41a6c3
-        {
41a6c3
-            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01878)
41a6c3
-                         "Init: Failed to generate temporary "
41a6c3
-                         "%d bit RSA private key", bits);
41a6c3
-            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
41a6c3
-            return !OK;
41a6c3
-        }
41a6c3
-        BN_free(bn_f4);
41a6c3
-        mc->pTmpKeys[idx] = tkey;
41a6c3
-    }
41a6c3
-#else
41a6c3
-    if (!(mc->pTmpKeys[idx] =
41a6c3
-          RSA_generate_key(bits, RSA_F4, NULL, NULL)))
41a6c3
-    {
41a6c3
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01879)
41a6c3
-                     "Init: Failed to generate temporary "
41a6c3
-                     "%d bit RSA private key", bits);
41a6c3
-        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
41a6c3
-        return !OK;
41a6c3
-    }
41a6c3
-#endif
41a6c3
-
41a6c3
-    return OK;
41a6c3
-}
41a6c3
-
41a6c3
-static int ssl_tmp_key_init_dh(server_rec *s,
41a6c3
-                               int bits, int idx)
41a6c3
-{
41a6c3
-    SSLModConfigRec *mc = myModConfig(s);
41a6c3
-
41a6c3
-#ifdef HAVE_FIPS
41a6c3
-
41a6c3
-    if (FIPS_mode() && bits < 1024) {
41a6c3
-        mc->pTmpKeys[idx] = NULL;
41a6c3
-        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01880)
41a6c3
-                     "Init: Skipping generating temporary "
41a6c3
-                     "%d bit DH parameters in FIPS mode", bits);
41a6c3
-        return OK;
41a6c3
-    }
41a6c3
-
41a6c3
-#endif
41a6c3
-
41a6c3
-    if (!(mc->pTmpKeys[idx] =
41a6c3
-          ssl_dh_GetTmpParam(bits)))
41a6c3
-    {
41a6c3
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01881)
41a6c3
-                     "Init: Failed to generate temporary "
41a6c3
-                     "%d bit DH parameters", bits);
41a6c3
-        return !OK;
41a6c3
-    }
41a6c3
-
41a6c3
-    return OK;
41a6c3
-}
41a6c3
-
41a6c3
-#ifndef OPENSSL_NO_EC
41a6c3
-static int ssl_tmp_key_init_ec(server_rec *s,
41a6c3
-                               int bits, int idx)
41a6c3
-{
41a6c3
-    SSLModConfigRec *mc = myModConfig(s);
41a6c3
-    EC_KEY *ecdh = NULL;
41a6c3
-
41a6c3
-    /* XXX: Are there any FIPS constraints we should enforce? */
41a6c3
-
41a6c3
-    if (bits != 256) {
41a6c3
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02298)
41a6c3
-                     "Init: Failed to generate temporary "
41a6c3
-                     "%d bit EC parameters, only 256 bits supported", bits);
41a6c3
-        return !OK;
41a6c3
-    }
41a6c3
-
41a6c3
-    if ((ecdh = EC_KEY_new()) == NULL ||
41a6c3
-        EC_KEY_set_group(ecdh, EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) != 1)
41a6c3
-    {
41a6c3
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02299)
41a6c3
-                     "Init: Failed to generate temporary "
41a6c3
-                     "%d bit EC parameters", bits);
41a6c3
-        return !OK;
41a6c3
-    }
41a6c3
-
41a6c3
-    mc->pTmpKeys[idx] = ecdh;
41a6c3
-    return OK;
41a6c3
-}
41a6c3
-
41a6c3
-#define MODSSL_TMP_KEY_INIT_EC(s, bits) \
41a6c3
-    ssl_tmp_key_init_ec(s, bits, SSL_TMP_KEY_EC_##bits)
41a6c3
-
41a6c3
-#endif
41a6c3
-
41a6c3
-#define MODSSL_TMP_KEY_INIT_RSA(s, bits) \
41a6c3
-    ssl_tmp_key_init_rsa(s, bits, SSL_TMP_KEY_RSA_##bits)
41a6c3
-
41a6c3
-#define MODSSL_TMP_KEY_INIT_DH(s, bits) \
41a6c3
-    ssl_tmp_key_init_dh(s, bits, SSL_TMP_KEY_DH_##bits)
41a6c3
-
41a6c3
-static int ssl_tmp_keys_init(server_rec *s)
41a6c3
-{
41a6c3
-    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
41a6c3
-                 "Init: Generating temporary RSA private keys (512/1024 bits)");
41a6c3
-
41a6c3
-    if (MODSSL_TMP_KEY_INIT_RSA(s, 512) ||
41a6c3
-        MODSSL_TMP_KEY_INIT_RSA(s, 1024)) {
41a6c3
-        return !OK;
41a6c3
-    }
41a6c3
-
41a6c3
-    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
41a6c3
-                 "Init: Generating temporary DH parameters (512/1024 bits)");
41a6c3
-
41a6c3
-    if (MODSSL_TMP_KEY_INIT_DH(s, 512) ||
41a6c3
-        MODSSL_TMP_KEY_INIT_DH(s, 1024)) {
41a6c3
-        return !OK;
41a6c3
-    }
41a6c3
-
41a6c3
-#ifndef OPENSSL_NO_EC
41a6c3
-    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
41a6c3
-                 "Init: Generating temporary EC parameters (256 bits)");
41a6c3
-
41a6c3
-    if (MODSSL_TMP_KEY_INIT_EC(s, 256)) {
41a6c3
-        return !OK;
41a6c3
-    }
41a6c3
-#endif
41a6c3
-
41a6c3
-    return OK;
41a6c3
-}
41a6c3
-
41a6c3
 /*
41a6c3
  *  Per-module initialization
41a6c3
  */
41a6c3
@@ -370,10 +196,6 @@ int ssl_init_Module(apr_pool_t *p, apr_p
41a6c3
      */
41a6c3
     ssl_pphrase_Handle(base_server, ptemp);
41a6c3
 
41a6c3
-    if (ssl_tmp_keys_init(base_server)) {
41a6c3
-        return !OK;
41a6c3
-    }
41a6c3
-
41a6c3
     /*
41a6c3
      * initialize the mutex handling
41a6c3
      */
41a6c3
@@ -681,6 +503,9 @@ static void ssl_init_ctx_protocol(server
41a6c3
      * Configure additional context ingredients
41a6c3
      */
41a6c3
     SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
41a6c3
+#ifndef OPENSSL_NO_EC
41a6c3
+    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
41a6c3
+#endif
41a6c3
 
41a6c3
 #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
41a6c3
     /*
41a6c3
@@ -721,11 +546,7 @@ static void ssl_init_ctx_callbacks(serve
41a6c3
 {
41a6c3
     SSL_CTX *ctx = mctx->ssl_ctx;
41a6c3
 
41a6c3
-    SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
41a6c3
     SSL_CTX_set_tmp_dh_callback(ctx,  ssl_callback_TmpDH);
41a6c3
-#ifndef OPENSSL_NO_EC
41a6c3
-    SSL_CTX_set_tmp_ecdh_callback(ctx,ssl_callback_TmpECDH);
41a6c3
-#endif
41a6c3
 
41a6c3
     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
41a6c3
 
41a6c3
@@ -1165,12 +986,16 @@ static void ssl_init_server_certs(server
41a6c3
                                   modssl_ctx_t *mctx)
41a6c3
 {
41a6c3
     const char *rsa_id, *dsa_id;
41a6c3
-#ifndef OPENSSL_NO_EC
41a6c3
+#ifndef OPENSSL_NO_EC
41a6c3
     const char *ecc_id;
41a6c3
+    EC_GROUP *ecparams;
41a6c3
+    int nid;
41a6c3
+    EC_KEY *eckey;
41a6c3
 #endif
41a6c3
     const char *vhost_id = mctx->sc->vhost_id;
41a6c3
     int i;
41a6c3
     int have_rsa, have_dsa;
41a6c3
+    DH *dhparams;
41a6c3
 #ifndef OPENSSL_NO_EC
41a6c3
     int have_ecc;
41a6c3
 #endif
41a6c3
@@ -1217,6 +1042,40 @@ static void ssl_init_server_certs(server
41a6c3
                 "Oops, no " KEYTYPES " server private key found?!");
41a6c3
         ssl_die(s);
41a6c3
     }
41a6c3
+
41a6c3
+    /*
41a6c3
+     * Try to read DH parameters from the (first) SSLCertificateFile
41a6c3
+     */
41a6c3
+    if ((mctx->pks->cert_files[0] != NULL) &&
41a6c3
+        (dhparams = ssl_dh_GetParamFromFile(mctx->pks->cert_files[0]))) {
41a6c3
+        SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams);
41a6c3
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540)
41a6c3
+                     "Custom DH parameters (%d bits) for %s loaded from %s",
41a6c3
+                     BN_num_bits(dhparams->p), vhost_id,
41a6c3
+                     mctx->pks->cert_files[0]);
41a6c3
+    }
41a6c3
+
41a6c3
+#ifndef OPENSSL_NO_EC
41a6c3
+    /*
41a6c3
+     * Similarly, try to read the ECDH curve name from SSLCertificateFile...
41a6c3
+     */
41a6c3
+    if ((mctx->pks->cert_files[0] != NULL) &&
41a6c3
+        (ecparams = ssl_ec_GetParamFromFile(mctx->pks->cert_files[0])) &&
41a6c3
+        (nid = EC_GROUP_get_curve_name(ecparams)) &&
41a6c3
+        (eckey = EC_KEY_new_by_curve_name(nid))) {
41a6c3
+        SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
41a6c3
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541)
41a6c3
+                     "ECDH curve %s for %s specified in %s",
41a6c3
+                     OBJ_nid2sn(nid), vhost_id, mctx->pks->cert_files[0]);
41a6c3
+    }
41a6c3
+    /*
41a6c3
+     * ...otherwise, configure NIST P-256 (required to enable ECDHE)
41a6c3
+     */
41a6c3
+    else {
41a6c3
+        SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
41a6c3
+                             EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
41a6c3
+    }
41a6c3
+#endif
41a6c3
 }
41a6c3
 
41a6c3
 #ifdef HAVE_TLS_SESSION_TICKETS
41a6c3
@@ -1754,11 +1613,6 @@ apr_status_t ssl_init_ModuleKill(void *d
41a6c3
     ssl_scache_kill(base_server);
41a6c3
 
41a6c3
     /*
41a6c3
-     * Destroy the temporary keys and params
41a6c3
-     */
41a6c3
-    ssl_tmp_keys_free(base_server);
41a6c3
-
41a6c3
-    /*
41a6c3
      * Free the non-pool allocated structures
41a6c3
      * in the per-server configurations
41a6c3
      */
41a6c3
--- httpd-2.4.6/modules/ssl/ssl_engine_kernel.c.r1542327
41a6c3
+++ httpd-2.4.6/modules/ssl/ssl_engine_kernel.c
41a6c3
@@ -1289,117 +1289,70 @@ const authz_provider ssl_authz_provider_
41a6c3
 */
41a6c3
 
41a6c3
 /*
41a6c3
- * Handle out temporary RSA private keys on demand
41a6c3
- *
41a6c3
- * The background of this as the TLSv1 standard explains it:
41a6c3
- *
41a6c3
- * | D.1. Temporary RSA keys
41a6c3
- * |
41a6c3
- * |    US Export restrictions limit RSA keys used for encryption to 512
41a6c3
- * |    bits, but do not place any limit on lengths of RSA keys used for
41a6c3
- * |    signing operations. Certificates often need to be larger than 512
41a6c3
- * |    bits, since 512-bit RSA keys are not secure enough for high-value
41a6c3
- * |    transactions or for applications requiring long-term security. Some
41a6c3
- * |    certificates are also designated signing-only, in which case they
41a6c3
- * |    cannot be used for key exchange.
41a6c3
- * |
41a6c3
- * |    When the public key in the certificate cannot be used for encryption,
41a6c3
- * |    the server signs a temporary RSA key, which is then exchanged. In
41a6c3
- * |    exportable applications, the temporary RSA key should be the maximum
41a6c3
- * |    allowable length (i.e., 512 bits). Because 512-bit RSA keys are
41a6c3
- * |    relatively insecure, they should be changed often. For typical
41a6c3
- * |    electronic commerce applications, it is suggested that keys be
41a6c3
- * |    changed daily or every 500 transactions, and more often if possible.
41a6c3
- * |    Note that while it is acceptable to use the same temporary key for
41a6c3
- * |    multiple transactions, it must be signed each time it is used.
41a6c3
- * |
41a6c3
- * |    RSA key generation is a time-consuming process. In many cases, a
41a6c3
- * |    low-priority process can be assigned the task of key generation.
41a6c3
- * |    Whenever a new key is completed, the existing temporary key can be
41a6c3
- * |    replaced with the new one.
41a6c3
- *
41a6c3
- * XXX: base on comment above, if thread support is enabled,
41a6c3
- * we should spawn a low-priority thread to generate new keys
41a6c3
- * on the fly.
41a6c3
- *
41a6c3
- * So we generated 512 and 1024 bit temporary keys on startup
41a6c3
- * which we now just hand out on demand....
41a6c3
+ * Grab well-defined DH parameters from OpenSSL, see <openssl/bn.h>
41a6c3
+ * (get_rfc*) for all available primes.
41a6c3
  */
41a6c3
-
41a6c3
-RSA *ssl_callback_TmpRSA(SSL *ssl, int export, int keylen)
41a6c3
-{
41a6c3
-    conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
41a6c3
-    SSLModConfigRec *mc = myModConfigFromConn(c);
41a6c3
-    int idx;
41a6c3
-
41a6c3
-    ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
41a6c3
-                  "handing out temporary %d bit RSA key", keylen);
41a6c3
-
41a6c3
-    /* doesn't matter if export flag is on,
41a6c3
-     * we won't be asked for keylen > 512 in that case.
41a6c3
-     * if we are asked for a keylen > 1024, it is too expensive
41a6c3
-     * to generate on the fly.
41a6c3
-     * XXX: any reason not to generate 2048 bit keys at startup?
41a6c3
-     */
41a6c3
-
41a6c3
-    switch (keylen) {
41a6c3
-      case 512:
41a6c3
-        idx = SSL_TMP_KEY_RSA_512;
41a6c3
-        break;
41a6c3
-
41a6c3
-      case 1024:
41a6c3
-      default:
41a6c3
-        idx = SSL_TMP_KEY_RSA_1024;
41a6c3
-    }
41a6c3
-
41a6c3
-    return (RSA *)mc->pTmpKeys[idx];
41a6c3
+#define make_get_dh(rfc,size,gen) \
41a6c3
+static DH *get_dh##size(void) \
41a6c3
+{ \
41a6c3
+    DH *dh; \
41a6c3
+    if (!(dh = DH_new())) { \
41a6c3
+        return NULL; \
41a6c3
+    } \
41a6c3
+    dh->p = get_##rfc##_prime_##size(NULL); \
41a6c3
+    BN_dec2bn(&dh->g, #gen); \
41a6c3
+    if (!dh->p || !dh->g) { \
41a6c3
+        DH_free(dh); \
41a6c3
+        return NULL; \
41a6c3
+    } \
41a6c3
+    return dh; \
41a6c3
 }
41a6c3
 
41a6c3
 /*
41a6c3
- * Hand out the already generated DH parameters...
41a6c3
+ * Prepare DH parameters from 1024 to 4096 bits, in 1024-bit increments
41a6c3
+ */
41a6c3
+make_get_dh(rfc2409, 1024, 2)
41a6c3
+make_get_dh(rfc3526, 2048, 2)
41a6c3
+make_get_dh(rfc3526, 3072, 2)
41a6c3
+make_get_dh(rfc3526, 4096, 2)
41a6c3
+
41a6c3
+/*
41a6c3
+ * Hand out standard DH parameters, based on the authentication strength
41a6c3
  */
41a6c3
 DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
41a6c3
 {
41a6c3
     conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
41a6c3
-    SSLModConfigRec *mc = myModConfigFromConn(c);
41a6c3
-    int idx;
41a6c3
-
41a6c3
-    ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
41a6c3
-                  "handing out temporary %d bit DH key", keylen);
41a6c3
+    EVP_PKEY *pkey = SSL_get_privatekey(ssl);
41a6c3
+    int type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
41a6c3
 
41a6c3
-    switch (keylen) {
41a6c3
-      case 512:
41a6c3
-        idx = SSL_TMP_KEY_DH_512;
41a6c3
-        break;
41a6c3
-
41a6c3
-      case 1024:
41a6c3
-      default:
41a6c3
-        idx = SSL_TMP_KEY_DH_1024;
41a6c3
+    /*
41a6c3
+     * OpenSSL will call us with either keylen == 512 or keylen == 1024
41a6c3
+     * (see the definition of SSL_EXPORT_PKEYLENGTH in ssl_locl.h).
41a6c3
+     * Adjust the DH parameter length according to the size of the
41a6c3
+     * RSA/DSA private key used for the current connection, and always
41a6c3
+     * use at least 1024-bit parameters.
41a6c3
+     * Note: This may cause interoperability issues with implementations
41a6c3
+     * which limit their DH support to 1024 bit - e.g. Java 7 and earlier.
41a6c3
+     * In this case, SSLCertificateFile can be used to specify fixed
41a6c3
+     * 1024-bit DH parameters (with the effect that OpenSSL skips this
41a6c3
+     * callback).
41a6c3
+     */
41a6c3
+    if ((type == EVP_PKEY_RSA) || (type == EVP_PKEY_DSA)) {
41a6c3
+        keylen = EVP_PKEY_bits(pkey);
41a6c3
     }
41a6c3
 
41a6c3
-    return (DH *)mc->pTmpKeys[idx];
41a6c3
-}
41a6c3
-
41a6c3
-#ifndef OPENSSL_NO_EC
41a6c3
-EC_KEY *ssl_callback_TmpECDH(SSL *ssl, int export, int keylen)
41a6c3
-{
41a6c3
-    conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
41a6c3
-    SSLModConfigRec *mc = myModConfigFromConn(c);
41a6c3
-    int idx;
41a6c3
-
41a6c3
-    /* XXX Uses 256-bit key for now. TODO: support other sizes. */
41a6c3
     ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
41a6c3
-                  "handing out temporary 256 bit ECC key");
41a6c3
-
41a6c3
-    switch (keylen) {
41a6c3
-      case 256:
41a6c3
-      default:
41a6c3
-        idx = SSL_TMP_KEY_EC_256;
41a6c3
-    }
41a6c3
+                  "handing out built-in DH parameters for %d-bit authenticated connection", keylen);
41a6c3
 
41a6c3
-    return (EC_KEY *)mc->pTmpKeys[idx];
41a6c3
+    if (keylen >= 4096)
41a6c3
+        return get_dh4096();
41a6c3
+    else if (keylen >= 3072)
41a6c3
+        return get_dh3072();
41a6c3
+    else if (keylen >= 2048)
41a6c3
+        return get_dh2048();
41a6c3
+    else
41a6c3
+        return get_dh1024();
41a6c3
 }
41a6c3
-#endif
41a6c3
 
41a6c3
 /*
41a6c3
  * This OpenSSL callback function is called when OpenSSL
41a6c3
--- httpd-2.4.6/modules/ssl/ssl_private.h.r1542327
41a6c3
+++ httpd-2.4.6/modules/ssl/ssl_private.h
41a6c3
@@ -310,22 +310,6 @@ typedef int ssl_algo_t;
41a6c3
 #define SSL_AIDX_MAX     (2)
41a6c3
 #endif
41a6c3
 
41a6c3
-
41a6c3
-/**
41a6c3
- * Define IDs for the temporary RSA keys and DH params
41a6c3
- */
41a6c3
-
41a6c3
-#define SSL_TMP_KEY_RSA_512  (0)
41a6c3
-#define SSL_TMP_KEY_RSA_1024 (1)
41a6c3
-#define SSL_TMP_KEY_DH_512   (2)
41a6c3
-#define SSL_TMP_KEY_DH_1024  (3)
41a6c3
-#ifndef OPENSSL_NO_EC
41a6c3
-#define SSL_TMP_KEY_EC_256   (4)
41a6c3
-#define SSL_TMP_KEY_MAX      (5)
41a6c3
-#else
41a6c3
-#define SSL_TMP_KEY_MAX      (4)
41a6c3
-#endif
41a6c3
-
41a6c3
 /**
41a6c3
  * Define the SSL options
41a6c3
  */
41a6c3
@@ -547,7 +531,6 @@ typedef struct {
41a6c3
     apr_global_mutex_t   *pMutex;
41a6c3
     apr_array_header_t   *aRandSeed;
41a6c3
     apr_hash_t     *tVHostKeys;
41a6c3
-    void           *pTmpKeys[SSL_TMP_KEY_MAX];
41a6c3
 
41a6c3
     /* Two hash tables of pointers to ssl_asn1_t structures.  The
41a6c3
      * structures are used to store certificates and private keys
41a6c3
@@ -837,11 +820,7 @@ extern const authz_provider ssl_authz_pr
41a6c3
 extern const authz_provider ssl_authz_provider_verify_client;
41a6c3
 
41a6c3
 /**  OpenSSL callbacks */
41a6c3
-RSA         *ssl_callback_TmpRSA(SSL *, int, int);
41a6c3
 DH          *ssl_callback_TmpDH(SSL *, int, int);
41a6c3
-#ifndef OPENSSL_NO_EC
41a6c3
-EC_KEY      *ssl_callback_TmpECDH(SSL *, int, int);
41a6c3
-#endif
41a6c3
 int          ssl_callback_SSLVerify(int, X509_STORE_CTX *);
41a6c3
 int          ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
41a6c3
 int          ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
41a6c3
@@ -921,8 +900,10 @@ int          ssl_init_ssl_connection(con
41a6c3
 void         ssl_pphrase_Handle(server_rec *, apr_pool_t *);
41a6c3
 
41a6c3
 /**  Diffie-Hellman Parameter Support  */
41a6c3
-DH           *ssl_dh_GetTmpParam(int);
41a6c3
-DH           *ssl_dh_GetParamFromFile(char *);
41a6c3
+DH           *ssl_dh_GetParamFromFile(const char *);
41a6c3
+#ifndef OPNESSL_NO_EC
41a6c3
+EC_GROUP     *ssl_ec_GetParamFromFile(const char *);
41a6c3
+#endif
41a6c3
 
41a6c3
 unsigned char *ssl_asn1_table_set(apr_hash_t *table,
41a6c3
                                   const char *key,
41a6c3
--- httpd-2.4.6/modules/ssl/ssl_util_ssl.c.r1542327
41a6c3
+++ httpd-2.4.6/modules/ssl/ssl_util_ssl.c
41a6c3
@@ -483,6 +483,38 @@ BOOL SSL_X509_INFO_load_path(apr_pool_t
41a6c3
 
41a6c3
 /*  _________________________________________________________________
41a6c3
 **
41a6c3
+**  Custom (EC)DH parameter support
41a6c3
+**  _________________________________________________________________
41a6c3
+*/
41a6c3
+
41a6c3
+DH *ssl_dh_GetParamFromFile(const char *file)
41a6c3
+{
41a6c3
+    DH *dh = NULL;
41a6c3
+    BIO *bio;
41a6c3
+
41a6c3
+    if ((bio = BIO_new_file(file, "r")) == NULL)
41a6c3
+        return NULL;
41a6c3
+    dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
41a6c3
+    BIO_free(bio);
41a6c3
+    return (dh);
41a6c3
+}
41a6c3
+
41a6c3
+#ifndef OPENSSL_NO_EC
41a6c3
+EC_GROUP *ssl_ec_GetParamFromFile(const char *file)
41a6c3
+{
41a6c3
+    EC_GROUP *group = NULL;
41a6c3
+    BIO *bio;
41a6c3
+
41a6c3
+    if ((bio = BIO_new_file(file, "r")) == NULL)
41a6c3
+        return NULL;
41a6c3
+    group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL);
41a6c3
+    BIO_free(bio);
41a6c3
+    return (group);
41a6c3
+}
41a6c3
+#endif
41a6c3
+
41a6c3
+/*  _________________________________________________________________
41a6c3
+**
41a6c3
 **  Extra Server Certificate Chain Support
41a6c3
 **  _________________________________________________________________
41a6c3
 */