wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add support for new TLS export ciphersuites.

Browse source
This commit is contained in:
Ben Laurie 1999-02-21 20:03:24 +00:00
parent abf87f79f7
commit 06ab81f9f7
16 changed files with 168 additions and 111 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
CHANGES
View file

@ -5,6 +5,12 @@
Changes between 0.9.1c and 0.9.2
*) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
[Ben Laurie]
*) Add preliminary config info for new extension code.
[Steve Henson]

2
ssl/s23_srvr.c
View file

@ -290,7 +290,7 @@ SSL *s;
for (j=0; j<sk_num(sk); j++)
{
c=(SSL_CIPHER *)sk_value(sk,j);
if (!(c->algorithms & SSL_EXP))
if (!SSL_C_IS_EXPORT(c))
{
if ((c->id>>24L) == 2L)
ne2=1;

2
ssl/s2_clnt.c
View file

@ -568,7 +568,7 @@ SSL *s;
if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
enc=8;
else if (sess->cipher->algorithms & SSL_EXP)
else if (SSL_C_IS_EXPORT(sess->cipher))
enc=5;
else
enc=i;

16
ssl/s2_lib.c
View file

@ -78,7 +78,7 @@ SSL_CIPHER ssl2_ciphers[]={
1,
SSL2_TXT_NULL_WITH_MD5,
SSL2_CK_NULL_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP|SSL_SSLV2,
SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP40|SSL_SSLV2,
0,
SSL_ALL_CIPHERS,
},
@ -88,7 +88,7 @@ SSL_CIPHER ssl2_ciphers[]={
1,
SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP|SSL_SSLV2,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP40|SSL_SSLV2,
SSL2_CF_5_BYTE_ENC,
SSL_ALL_CIPHERS,
},
@ -97,7 +97,7 @@ SSL_CIPHER ssl2_ciphers[]={
1,
SSL2_TXT_RC4_128_WITH_MD5,
SSL2_CK_RC4_128_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
0,
SSL_ALL_CIPHERS,
},
@ -106,7 +106,7 @@ SSL_CIPHER ssl2_ciphers[]={
1,
SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP|SSL_SSLV2,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP40|SSL_SSLV2,
SSL2_CF_5_BYTE_ENC,
SSL_ALL_CIPHERS,
},
@ -115,7 +115,7 @@ SSL_CIPHER ssl2_ciphers[]={
1,
SSL2_TXT_RC2_128_CBC_WITH_MD5,
SSL2_CK_RC2_128_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
0,
SSL_ALL_CIPHERS,
},
@ -124,7 +124,7 @@ SSL_CIPHER ssl2_ciphers[]={
1,
SSL2_TXT_IDEA_128_CBC_WITH_MD5,
SSL2_CK_IDEA_128_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
0,
SSL_ALL_CIPHERS,
},
@ -133,7 +133,7 @@ SSL_CIPHER ssl2_ciphers[]={
1,
SSL2_TXT_DES_64_CBC_WITH_MD5,
SSL2_CK_DES_64_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
0,
SSL_ALL_CIPHERS,
},
@ -142,7 +142,7 @@ SSL_CIPHER ssl2_ciphers[]={
1,
SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
0,
SSL_ALL_CIPHERS,
},

2
ssl/s2_srvr.c
View file

@ -401,7 +401,7 @@ SSL *s;
&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
export=(s->session->cipher->algorithms & SSL_EXP)?1:0;
export=SSL_C_IS_EXPORT(s->session->cipher);
if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
{

10
ssl/s3_clnt.c
View file

@ -1689,12 +1689,13 @@ SSL *s;
#endif
#endif
if ((algs & SSL_EXP) && !has_bits(i,EVP_PKT_EXP))
if (SSL_IS_EXPORT(algs) && !has_bits(i,EVP_PKT_EXP))
{
#ifndef NO_RSA
if (algs & SSL_kRSA)
{
if ((rsa == NULL) || (RSA_size(rsa) > 512))
if (rsa == NULL
|| RSA_size(rsa) > SSL_EXPORT_PKEYLENGTH(algs))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
goto f_err;
@ -1704,8 +1705,9 @@ SSL *s;
#endif
#ifndef NO_DH
if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
if ((dh == NULL) || (DH_size(dh) > 512))
{
if (dh == NULL
|| DH_size(dh) > SSL_EXPORT_PKEYLENGTH(algs))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
goto f_err;

9
ssl/s3_enc.c
View file

@ -141,7 +141,7 @@ int which;
MD5_CTX md;
int exp,n,i,j,k,cl;
exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
if (s->s3->tmp.new_compression == NULL)
@ -213,7 +213,8 @@ int which;
p=s->s3->tmp.key_block;
i=EVP_MD_size(m);
cl=EVP_CIPHER_key_length(c);
j=exp ? (cl < 5 ? cl : 5) : cl;
j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
k=EVP_CIPHER_iv_length(c);
if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
@ -283,7 +284,7 @@ SSL *s;
unsigned char *p;
EVP_CIPHER *c;
EVP_MD *hash;
int num,exp;
int num;
SSL_COMP *comp;
if (s->s3->tmp.key_block_length != 0)
@ -299,8 +300,6 @@ SSL *s;
s->s3->tmp.new_hash=hash;
s->s3->tmp.new_compression=comp;
exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
num*=2;

91
ssl/s3_lib.c
View file

@ -77,7 +77,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_RSA_NULL_MD5,
SSL3_CK_RSA_NULL_MD5,
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|_SSL_NOT_EXP|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -86,7 +86,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_RSA_NULL_SHA,
SSL3_CK_RSA_NULL_SHA,
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -97,7 +97,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_ADH_RC4_40_MD5,
SSL3_CK_ADH_RC4_40_MD5,
SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3,
SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -106,7 +106,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_ADH_RC4_128_MD5,
SSL3_CK_ADH_RC4_128_MD5,
SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5|_SSL_NOT_EXP|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -115,7 +115,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_ADH_DES_40_CBC_SHA,
SSL3_CK_ADH_DES_40_CBC_SHA,
SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -124,7 +124,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_ADH_DES_64_CBC_SHA,
SSL3_CK_ADH_DES_64_CBC_SHA,
SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -133,7 +133,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_ADH_DES_192_CBC_SHA,
SSL3_CK_ADH_DES_192_CBC_SHA,
SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -144,7 +144,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_RSA_RC4_40_MD5,
SSL3_CK_RSA_RC4_40_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3,
SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -153,7 +153,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_RSA_RC4_128_MD5,
SSL3_CK_RSA_RC4_128_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|_SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
0,
SSL_ALL_CIPHERS,
},
@ -162,7 +162,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_RSA_RC4_128_SHA,
SSL3_CK_RSA_RC4_128_SHA,
SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
0,
SSL_ALL_CIPHERS,
},
@ -171,7 +171,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_RSA_RC2_40_MD5,
SSL3_CK_RSA_RC2_40_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP|SSL_SSLV3,
SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -180,7 +180,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_RSA_IDEA_128_SHA,
SSL3_CK_RSA_IDEA_128_SHA,
SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
0,
SSL_ALL_CIPHERS,
},
@ -189,7 +189,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_RSA_DES_40_CBC_SHA,
SSL3_CK_RSA_DES_40_CBC_SHA,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -198,7 +198,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_RSA_DES_64_CBC_SHA,
SSL3_CK_RSA_DES_64_CBC_SHA,
SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
0,
SSL_ALL_CIPHERS,
},
@ -207,7 +207,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_RSA_DES_192_CBC3_SHA,
SSL3_CK_RSA_DES_192_CBC3_SHA,
SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
0,
SSL_ALL_CIPHERS,
},
@ -218,7 +218,7 @@ SSL_CIPHER ssl3_ciphers[]={
0,
SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
SSL3_CK_DH_DSS_DES_40_CBC_SHA,
SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -227,7 +227,7 @@ SSL_CIPHER ssl3_ciphers[]={
0,
SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
SSL3_CK_DH_DSS_DES_64_CBC_SHA,
SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
0,
SSL_ALL_CIPHERS,
},
@ -236,7 +236,7 @@ SSL_CIPHER ssl3_ciphers[]={
0,
SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
0,
SSL_ALL_CIPHERS,
},
@ -245,7 +245,7 @@ SSL_CIPHER ssl3_ciphers[]={
0,
SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
SSL3_CK_DH_RSA_DES_40_CBC_SHA,
SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -254,7 +254,7 @@ SSL_CIPHER ssl3_ciphers[]={
0,
SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
SSL3_CK_DH_RSA_DES_64_CBC_SHA,
SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
0,
SSL_ALL_CIPHERS,
},
@ -263,7 +263,7 @@ SSL_CIPHER ssl3_ciphers[]={
0,
SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
0,
SSL_ALL_CIPHERS,
},
@ -274,7 +274,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -283,7 +283,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
0,
SSL_ALL_CIPHERS,
},
@ -292,7 +292,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
0,
SSL_ALL_CIPHERS,
},
@ -301,7 +301,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -310,7 +310,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
0,
SSL_ALL_CIPHERS,
},
@ -319,7 +319,7 @@ SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
0,
SSL_ALL_CIPHERS,
},
@ -330,7 +330,7 @@ SSL_CIPHER ssl3_ciphers[]={
0,
SSL3_TXT_FZA_DMS_NULL_SHA,
SSL3_CK_FZA_DMS_NULL_SHA,
SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -340,7 +340,7 @@ SSL_CIPHER ssl3_ciphers[]={
0,
SSL3_TXT_FZA_DMS_FZA_SHA,
SSL3_CK_FZA_DMS_FZA_SHA,
SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
@ -350,11 +350,40 @@ SSL_CIPHER ssl3_ciphers[]={
0,
SSL3_TXT_FZA_DMS_RC4_SHA,
SSL3_CK_FZA_DMS_RC4_SHA,
SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
0,
SSL_ALL_CIPHERS,
},
/* New TLS Export CipherSuites */
/* Cipher 60 */
{
1,
TLS1_TXT_RSA_EXPORT56_WITH_RC4_56_MD5,
TLS1_CK_RSA_EXPORT56_WITH_RC4_56_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP56|SSL_TLSV1,
0,
SSL_ALL_CIPHERS
},
/* Cipher 61 */
{
1,
TLS1_TXT_RSA_EXPORT56_WITH_RC2_CBC_56_MD5,
TLS1_CK_RSA_EXPORT56_WITH_RC2_CBC_56_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP56|SSL_TLSV1,
0,
SSL_ALL_CIPHERS
},
/* Cipher 62 */
{
1,
TLS1_TXT_RSA_EXPORT56_WITH_DES_CBC_SHA,
TLS1_CK_RSA_EXPORT56_WITH_DES_CBC_SHA,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1,
0,
SSL_ALL_CIPHERS
},
/* end of list */
};
@ -733,7 +762,7 @@ STACK *have,*pref;
{
c=(SSL_CIPHER *)sk_value(have,i);
alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
if (alg & SSL_EXPORT)
if (SSL_IS_EXPORT(alg))
{
ok=((alg & emask) == alg)?1:0;
#ifdef CIPHER_DEBUG

26
ssl/s3_srvr.c
View file

@ -309,16 +309,16 @@ SSL *s;
/* only send if a DH key exchange, fortezza or
* RSA but we have a sign only certificate */
if ( s->s3->tmp.use_rsa_tmp ||
(l & (SSL_DH|SSL_kFZA)) ||
((l & SSL_kRSA) &&
((ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)||
((l & SSL_EXPORT) &&
(EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > 512)
)
)
if (s->s3->tmp.use_rsa_tmp
|| (l & (SSL_DH|SSL_kFZA))
|| ((l & SSL_kRSA)
&& (ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
|| (SSL_IS_EXPORT(l)
&& EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l)
)
)
)
)
)
{
ret=ssl3_send_server_key_exchange(s);
if (ret <= 0) goto end;
@ -777,7 +777,7 @@ SSL *s;
c=(SSL_CIPHER *)sk_value(sk,i);
if (c->algorithms & SSL_eNULL)
nc=c;
if (c->algorithms & SSL_EXP)
if (SSL_C_IS_EXPORT(c))
ec=c;
}
if (nc != NULL)
@ -945,8 +945,7 @@ SSL *s;
if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL))
{
rsa=s->ctx->default_cert->rsa_tmp_cb(s,
!(s->s3->tmp.new_cipher->algorithms
&SSL_NOT_EXP));
!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher));
CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
cert->rsa_tmp=rsa;
}
@ -968,8 +967,7 @@ SSL *s;
dhp=cert->dh_tmp;
if ((dhp == NULL) && (cert->dh_tmp_cb != NULL))
dhp=cert->dh_tmp_cb(s,
!(s->s3->tmp.new_cipher->algorithms
&SSL_NOT_EXP));
!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher));
if (dhp == NULL)
{
al=SSL_AD_HANDSHAKE_FAILURE;

15
ssl/ssl.h
View file

@ -132,8 +132,9 @@ extern "C" {
#define SSL_TXT_MD5 "MD5"
#define SSL_TXT_SHA1 "SHA1"
#define SSL_TXT_SHA "SHA"
#define SSL_TXT_EXP "EXP"
#define SSL_TXT_EXP40 "EXP"
#define SSL_TXT_EXPORT "EXPORT"
#define SSL_TXT_EXP56 "EXP56"
#define SSL_TXT_SSLV2 "SSLv2"
#define SSL_TXT_SSLV3 "SSLv3"
#define SSL_TXT_TLSV1 "TLSv1"
@ -988,18 +989,18 @@ int SSL_state(SSL *ssl);
void SSL_set_verify_result(SSL *ssl,long v);
long SSL_get_verify_result(SSL *ssl);
int SSL_set_ex_data(SSL *ssl,int idx,char *data);
char *SSL_get_ex_data(SSL *ssl,int idx);
int SSL_set_ex_data(SSL *ssl,int idx,void *data);
void *SSL_get_ex_data(SSL *ssl,int idx);
int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int (*dup_func)(), void (*free_func)());
int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,char *data);
char *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int (*dup_func)(), void (*free_func)());
int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,char *data);
char *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int (*dup_func)(), void (*free_func)());

38
ssl/ssl_ciph.c
View file

@ -144,14 +144,15 @@ static SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_ADH, 0,SSL_ADH, 0,SSL_AUTH_MASK|SSL_MKEY_MASK},
{0,SSL_TXT_FZA, 0,SSL_FZA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK},
{0,SSL_TXT_EXP, 0,SSL_EXP, 0,SSL_EXP_MASK},
{0,SSL_TXT_EXPORT,0,SSL_EXPORT,0,SSL_EXP_MASK},
{0,SSL_TXT_SSLV2,0,SSL_SSLV2,0,SSL_SSL_MASK},
{0,SSL_TXT_SSLV3,0,SSL_SSLV3,0,SSL_SSL_MASK},
{0,SSL_TXT_TLSV1,0,SSL_SSLV3,0,SSL_SSL_MASK},
{0,SSL_TXT_LOW, 0,SSL_LOW,0,SSL_STRONG_MASK},
{0,SSL_TXT_EXP40, 0,SSL_EXP40, 0,_SSL_EXP_MASK},
{0,SSL_TXT_EXPORT,0,SSL_EXP40, 0,_SSL_EXP_MASK},
{0,SSL_TXT_EXP56, 0,SSL_EXP56, 0,_SSL_EXP_MASK},
{0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,SSL_SSL_MASK},
{0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,SSL_SSL_MASK},
{0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,SSL_SSL_MASK},
{0,SSL_TXT_LOW, 0,SSL_LOW, 0,SSL_STRONG_MASK},
{0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK},
{0,SSL_TXT_HIGH, 0,SSL_HIGH,0,SSL_STRONG_MASK},
{0,SSL_TXT_HIGH, 0,SSL_HIGH, 0,SSL_STRONG_MASK},
};
static int init_ciphers=1;
@ -615,7 +616,7 @@ SSL_CIPHER *cipher;
char *buf;
int len;
{
int export;
int _export,pkl,kl;
char *ver,*exp;
char *kx,*au,*enc,*mac;
unsigned long alg,alg2;
@ -624,8 +625,10 @@ int len;
alg=cipher->algorithms;
alg2=cipher->algorithm2;
export=(alg&SSL_EXP)?1:0;
exp=(export)?" export":"";
_export=SSL_IS_EXPORT(alg);
pkl=SSL_EXPORT_PKEYLENGTH(alg);
kl=SSL_EXPORT_KEYLENGTH(alg);
exp=_export?" export":"";
if (alg & SSL_SSLV2)
ver="SSLv2";
@ -637,7 +640,7 @@ int len;
switch (alg&SSL_MKEY_MASK)
{
case SSL_kRSA:
kx=(export)?"RSA(512)":"RSA";
kx=_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
break;
case SSL_kDHr:
kx="DH/RSA";
@ -649,7 +652,7 @@ int len;
kx="Fortezza";
break;
case SSL_kEDH:
kx=(export)?"DH(512)":"DH";
kx=_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
break;
default:
kx="unknown";
@ -678,16 +681,17 @@ int len;
switch (alg&SSL_ENC_MASK)
{
case SSL_DES:
enc=export?"DES(40)":"DES(56)";
enc=(_export && kl == 5)?"DES(40)":"DES(56)";
break;
case SSL_3DES:
enc="3DES(168)";
break;
case SSL_RC4:
enc=export?"RC4(40)":((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
enc=_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
:((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
break;
case SSL_RC2:
enc=export?"RC2(40)":"RC2(128)";
enc=_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
break;
case SSL_IDEA:
enc="IDEA(128)";
@ -770,9 +774,9 @@ int *alg_bits;
a=EVP_CIPHER_key_length(enc)*8;
if (c->algorithms & SSL_EXP)
if (SSL_C_IS_EXPORT(c))
{
ret=40;
ret=SSL_C_EXPORT_KEYLENGTH(c)*8;
}
else
{

14
ssl/ssl_lib.c
View file

@ -1236,13 +1236,13 @@ SSL *s;
{
unsigned long alg,mask,kalg;
CERT *c;
int i,export;
int i,_export;
c=s->cert;
ssl_set_cert_masks(c);
alg=s->s3->tmp.new_cipher->algorithms;
export=(alg & SSL_EXPORT)?1:0;
mask=(export)?c->export_mask:c->mask;
_export=SSL_IS_EXPORT(alg);
mask=_export?c->export_mask:c->mask;
kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
if (kalg & SSL_kDHr)
@ -1822,12 +1822,12 @@ void (*free_func)();
int SSL_set_ex_data(s,idx,arg)
SSL *s;
int idx;
char *arg;
void *arg;
{
return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
}
char *SSL_get_ex_data(s,idx)
void *SSL_get_ex_data(s,idx)
SSL *s;
int idx;
{
@ -1849,12 +1849,12 @@ void (*free_func)();
int SSL_CTX_set_ex_data(s,idx,arg)
SSL_CTX *s;
int idx;
char *arg;
void *arg;
{
return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
}
char *SSL_CTX_get_ex_data(s,idx)
void *SSL_CTX_get_ex_data(s,idx)
SSL_CTX *s;
int idx;
{

21
ssl/ssl_locl.h
View file

@ -191,14 +191,25 @@
#define SSL_SHA1 0x00040000L
#define SSL_SHA (SSL_SHA1)
#define SSL_EXP_MASK 0x00300000L
#define SSL_EXP 0x00100000L
#define SSL_NOT_EXP 0x00200000L
#define SSL_EXPORT SSL_EXP
#define _SSL_EXP_MASK 0x00300000L
#define SSL_EXP40 0x00100000L
#define _SSL_NOT_EXP 0x00200000L
#define SSL_EXP56 0x00300000L
#define SSL_IS_EXPORT(a) ((a)&SSL_EXP40)
#define SSL_IS_EXPORT56(a) (((a)&_SSL_EXP_MASK) == SSL_EXP56)
#define SSL_IS_EXPORT40(a) (((a)&_SSL_EXP_MASK) == SSL_EXP40)
#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algorithms)
#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algorithms)
#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algorithms)
#define SSL_EXPORT_KEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 5 : 7)
#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms)
#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algorithms)
#define SSL_SSL_MASK 0x00c00000L
#define SSL_SSLV2 0x00400000L
#define SSL_SSLV3 0x00800000L
#define SSL_TLSV1 SSL_SSLV3 /* for now */
#define SSL_STRONG_MASK 0x07000000L
#define SSL_LOW 0x01000000L
@ -208,7 +219,7 @@
/* we have used 0fffffff - 4 bits left to go */
#define SSL_ALL 0xffffffffL
#define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
SSL_MAC_MASK|SSL_EXP_MASK)
SSL_MAC_MASK|_SSL_EXP_MASK)
/* Mostly for SSLv3 */
#define SSL_PKEY_RSA_ENC 0

4
ssl/ssl_sess.c
View file

@ -94,12 +94,12 @@ void (*free_func)();
int SSL_SESSION_set_ex_data(s,idx,arg)
SSL_SESSION *s;
int idx;
char *arg;
void *arg;
{
return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
}
char *SSL_SESSION_get_ex_data(s,idx)
void *SSL_SESSION_get_ex_data(s,idx)
SSL_SESSION *s;
int idx;
{

15
ssl/t1_enc.c
View file

@ -178,9 +178,9 @@ int which;
EVP_CIPHER *c;
SSL_COMP *comp;
EVP_MD *m;
int exp,n,i,j,k,exp_label_len,cl;
int _exp,n,i,j,k,exp_label_len,cl;
exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
comp=s->s3->tmp.new_compression;
@ -247,7 +247,8 @@ int which;
p=s->s3->tmp.key_block;
i=EVP_MD_size(m);
cl=EVP_CIPHER_key_length(c);
j=exp ? (cl < 5 ? cl : 5) : cl;
j=_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
k=EVP_CIPHER_iv_length(c);
er1= &(s->s3->client_random[0]);
@ -284,7 +285,7 @@ int which;
printf("which = %04X\nmac key=",which);
{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
#endif
if (exp)
if (_exp)
{
/* In here I set both the read and write key/iv to the
* same value since only the correct one will be used :-).
@ -297,7 +298,7 @@ printf("which = %04X\nmac key=",which);
memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
p+=SSL3_RANDOM_SIZE;
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
tmp1,tmp2,EVP_CIPHER_key_length(c));
tmp1,tmp2,EVP_CIPHER_key_length(c));
key=tmp1;
if (k > 0)
@ -347,7 +348,7 @@ SSL *s;
unsigned char *p1,*p2;
EVP_CIPHER *c;
EVP_MD *hash;
int num,exp;
int num;
SSL_COMP *comp;
if (s->s3->tmp.key_block_length != 0)
@ -362,8 +363,6 @@ SSL *s;
s->s3->tmp.new_sym_enc=c;
s->s3->tmp.new_hash=hash;
exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
num*=2;

8
ssl/tls1.h
View file

@ -82,6 +82,14 @@ extern "C" {
#define TLS1_AD_USER_CANCLED 90
#define TLS1_AD_NO_RENEGOTIATION 100
#define TLS1_CK_RSA_EXPORT56_WITH_RC4_56_MD5 0x03000060
#define TLS1_CK_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 0x03000061
#define TLS1_CK_RSA_EXPORT56_WITH_DES_CBC_SHA 0x03000062
#define TLS1_TXT_RSA_EXPORT56_WITH_RC4_56_MD5 "EXP56-RC4-MD5"
#define TLS1_TXT_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 "EXP56-RC2-CBC-MD5"
#define TLS1_TXT_RSA_EXPORT56_WITH_DES_CBC_SHA "EXP56-DES-CBC-SHA"
#define TLS_CT_RSA_SIGN 1
#define TLS_CT_DSS_SIGN 2
#define TLS_CT_RSA_FIXED_DH 3