提交 06ab81f9 编写于 作者: B Ben Laurie

Add support for new TLS export ciphersuites.

上级 abf87f79
...@@ -5,6 +5,12 @@ ...@@ -5,6 +5,12 @@
Changes between 0.9.1c and 0.9.2 Changes between 0.9.1c and 0.9.2
*) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
[Ben Laurie]
*) Add preliminary config info for new extension code. *) Add preliminary config info for new extension code.
[Steve Henson] [Steve Henson]
......
...@@ -290,7 +290,7 @@ SSL *s; ...@@ -290,7 +290,7 @@ SSL *s;
for (j=0; j<sk_num(sk); j++) for (j=0; j<sk_num(sk); j++)
{ {
c=(SSL_CIPHER *)sk_value(sk,j); c=(SSL_CIPHER *)sk_value(sk,j);
if (!(c->algorithms & SSL_EXP)) if (!SSL_C_IS_EXPORT(c))
{ {
if ((c->id>>24L) == 2L) if ((c->id>>24L) == 2L)
ne2=1; ne2=1;
......
...@@ -568,7 +568,7 @@ SSL *s; ...@@ -568,7 +568,7 @@ SSL *s;
if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
enc=8; enc=8;
else if (sess->cipher->algorithms & SSL_EXP) else if (SSL_C_IS_EXPORT(sess->cipher))
enc=5; enc=5;
else else
enc=i; enc=i;
......
...@@ -78,7 +78,7 @@ SSL_CIPHER ssl2_ciphers[]={ ...@@ -78,7 +78,7 @@ SSL_CIPHER ssl2_ciphers[]={
1, 1,
SSL2_TXT_NULL_WITH_MD5, SSL2_TXT_NULL_WITH_MD5,
SSL2_CK_NULL_WITH_MD5, SSL2_CK_NULL_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP|SSL_SSLV2, SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP40|SSL_SSLV2,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -88,7 +88,7 @@ SSL_CIPHER ssl2_ciphers[]={ ...@@ -88,7 +88,7 @@ SSL_CIPHER ssl2_ciphers[]={
1, 1,
SSL2_TXT_RC4_128_EXPORT40_WITH_MD5, SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
SSL2_CK_RC4_128_EXPORT40_WITH_MD5, SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP|SSL_SSLV2, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP40|SSL_SSLV2,
SSL2_CF_5_BYTE_ENC, SSL2_CF_5_BYTE_ENC,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -97,7 +97,7 @@ SSL_CIPHER ssl2_ciphers[]={ ...@@ -97,7 +97,7 @@ SSL_CIPHER ssl2_ciphers[]={
1, 1,
SSL2_TXT_RC4_128_WITH_MD5, SSL2_TXT_RC4_128_WITH_MD5,
SSL2_CK_RC4_128_WITH_MD5, SSL2_CK_RC4_128_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -106,7 +106,7 @@ SSL_CIPHER ssl2_ciphers[]={ ...@@ -106,7 +106,7 @@ SSL_CIPHER ssl2_ciphers[]={
1, 1,
SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5, SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5, SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP|SSL_SSLV2, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP40|SSL_SSLV2,
SSL2_CF_5_BYTE_ENC, SSL2_CF_5_BYTE_ENC,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -115,7 +115,7 @@ SSL_CIPHER ssl2_ciphers[]={ ...@@ -115,7 +115,7 @@ SSL_CIPHER ssl2_ciphers[]={
1, 1,
SSL2_TXT_RC2_128_CBC_WITH_MD5, SSL2_TXT_RC2_128_CBC_WITH_MD5,
SSL2_CK_RC2_128_CBC_WITH_MD5, SSL2_CK_RC2_128_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -124,7 +124,7 @@ SSL_CIPHER ssl2_ciphers[]={ ...@@ -124,7 +124,7 @@ SSL_CIPHER ssl2_ciphers[]={
1, 1,
SSL2_TXT_IDEA_128_CBC_WITH_MD5, SSL2_TXT_IDEA_128_CBC_WITH_MD5,
SSL2_CK_IDEA_128_CBC_WITH_MD5, SSL2_CK_IDEA_128_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM, SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -133,7 +133,7 @@ SSL_CIPHER ssl2_ciphers[]={ ...@@ -133,7 +133,7 @@ SSL_CIPHER ssl2_ciphers[]={
1, 1,
SSL2_TXT_DES_64_CBC_WITH_MD5, SSL2_TXT_DES_64_CBC_WITH_MD5,
SSL2_CK_DES_64_CBC_WITH_MD5, SSL2_CK_DES_64_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_LOW, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -142,7 +142,7 @@ SSL_CIPHER ssl2_ciphers[]={ ...@@ -142,7 +142,7 @@ SSL_CIPHER ssl2_ciphers[]={
1, 1,
SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5, SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
SSL2_CK_DES_192_EDE3_CBC_WITH_MD5, SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH, SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
......
...@@ -401,7 +401,7 @@ SSL *s; ...@@ -401,7 +401,7 @@ SSL *s;
&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]), &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
export=(s->session->cipher->algorithms & SSL_EXP)?1:0; export=SSL_C_IS_EXPORT(s->session->cipher);
if (!ssl_cipher_get_evp(s->session,&c,&md,NULL)) if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
{ {
......
...@@ -1689,12 +1689,13 @@ SSL *s; ...@@ -1689,12 +1689,13 @@ SSL *s;
#endif #endif
#endif #endif
if ((algs & SSL_EXP) && !has_bits(i,EVP_PKT_EXP)) if (SSL_IS_EXPORT(algs) && !has_bits(i,EVP_PKT_EXP))
{ {
#ifndef NO_RSA #ifndef NO_RSA
if (algs & SSL_kRSA) if (algs & SSL_kRSA)
{ {
if ((rsa == NULL) || (RSA_size(rsa) > 512)) if (rsa == NULL
|| RSA_size(rsa) > SSL_EXPORT_PKEYLENGTH(algs))
{ {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
goto f_err; goto f_err;
...@@ -1704,8 +1705,9 @@ SSL *s; ...@@ -1704,8 +1705,9 @@ SSL *s;
#endif #endif
#ifndef NO_DH #ifndef NO_DH
if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{ {
if ((dh == NULL) || (DH_size(dh) > 512)) if (dh == NULL
|| DH_size(dh) > SSL_EXPORT_PKEYLENGTH(algs))
{ {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
goto f_err; goto f_err;
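Review bot: The two rewritten size checks compare a byte count with a bit count: `RSA_size(rsa)` and `DH_size(dh)` return the modulus size in bytes, while `SSL_EXPORT_PKEYLENGTH(algs)` yields 512 or 1024, so the limit only trips for keys far larger than the export bound. The server-side test changed in this same commit multiplies by 8 (`EVP_PKEY_size(...)*8 > SSL_EXPORT_PKEYLENGTH(l)`), and these should match it: `|| RSA_size(rsa)*8 > SSL_EXPORT_PKEYLENGTH(algs))` and `|| DH_size(dh)*8 > SSL_EXPORT_PKEYLENGTH(algs))`. The old `> 512` had the same unit mismatch, so it is worth fixing while the lines are being touched. The enclosing function starts and ends outside the hunks.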
......
...@@ -141,7 +141,7 @@ int which; ...@@ -141,7 +141,7 @@ int which;
MD5_CTX md; MD5_CTX md;
int exp,n,i,j,k,cl; int exp,n,i,j,k,cl;
exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0; exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc; c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash; m=s->s3->tmp.new_hash;
if (s->s3->tmp.new_compression == NULL) if (s->s3->tmp.new_compression == NULL)
...@@ -213,7 +213,8 @@ int which; ...@@ -213,7 +213,8 @@ int which;
p=s->s3->tmp.key_block; p=s->s3->tmp.key_block;
i=EVP_MD_size(m); i=EVP_MD_size(m);
cl=EVP_CIPHER_key_length(c); cl=EVP_CIPHER_key_length(c);
j=exp ? (cl < 5 ? cl : 5) : cl; j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
k=EVP_CIPHER_iv_length(c); k=EVP_CIPHER_iv_length(c);
if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
...@@ -283,7 +284,7 @@ SSL *s; ...@@ -283,7 +284,7 @@ SSL *s;
unsigned char *p; unsigned char *p;
EVP_CIPHER *c; EVP_CIPHER *c;
EVP_MD *hash; EVP_MD *hash;
int num,exp; int num;
SSL_COMP *comp; SSL_COMP *comp;
if (s->s3->tmp.key_block_length != 0) if (s->s3->tmp.key_block_length != 0)
...@@ -299,8 +300,6 @@ SSL *s; ...@@ -299,8 +300,6 @@ SSL *s;
s->s3->tmp.new_hash=hash; s->s3->tmp.new_hash=hash;
s->s3->tmp.new_compression=comp; s->s3->tmp.new_compression=comp;
exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
num*=2; num*=2;
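Review bot: In the key-length line `j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(...) ? cl : ...) : cl;` every 56-bit export suite now takes 7 bytes of key material, including the DES one, where `cl` is presumably 8. Whether DES should take seven or eight bytes under the draft named in the changelog is worth confirming; if eight, `SSL_EXPORT_KEYLENGTH` needs a DES case rather than a flat `5 : 7`. The same expression is repeated in the later section that renames `exp` to `_exp`. Holding the macro result in a local, `int ekl=SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher);`, would also make the line easier to read. The enclosing function extends beyond the hunk.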
......
...@@ -77,7 +77,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -77,7 +77,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_RSA_NULL_MD5, SSL3_TXT_RSA_NULL_MD5,
SSL3_CK_RSA_NULL_MD5, SSL3_CK_RSA_NULL_MD5,
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|_SSL_NOT_EXP|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -86,7 +86,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -86,7 +86,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_RSA_NULL_SHA, SSL3_TXT_RSA_NULL_SHA,
SSL3_CK_RSA_NULL_SHA, SSL3_CK_RSA_NULL_SHA,
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -97,7 +97,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -97,7 +97,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_ADH_RC4_40_MD5, SSL3_TXT_ADH_RC4_40_MD5,
SSL3_CK_ADH_RC4_40_MD5, SSL3_CK_ADH_RC4_40_MD5,
SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3, SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -106,7 +106,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -106,7 +106,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_ADH_RC4_128_MD5, SSL3_TXT_ADH_RC4_128_MD5,
SSL3_CK_ADH_RC4_128_MD5, SSL3_CK_ADH_RC4_128_MD5,
SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5|_SSL_NOT_EXP|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -115,7 +115,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -115,7 +115,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_ADH_DES_40_CBC_SHA, SSL3_TXT_ADH_DES_40_CBC_SHA,
SSL3_CK_ADH_DES_40_CBC_SHA, SSL3_CK_ADH_DES_40_CBC_SHA,
SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -124,7 +124,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -124,7 +124,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_ADH_DES_64_CBC_SHA, SSL3_TXT_ADH_DES_64_CBC_SHA,
SSL3_CK_ADH_DES_64_CBC_SHA, SSL3_CK_ADH_DES_64_CBC_SHA,
SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -133,7 +133,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -133,7 +133,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_ADH_DES_192_CBC_SHA, SSL3_TXT_ADH_DES_192_CBC_SHA,
SSL3_CK_ADH_DES_192_CBC_SHA, SSL3_CK_ADH_DES_192_CBC_SHA,
SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -144,7 +144,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -144,7 +144,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_RSA_RC4_40_MD5, SSL3_TXT_RSA_RC4_40_MD5,
SSL3_CK_RSA_RC4_40_MD5, SSL3_CK_RSA_RC4_40_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3, SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -153,7 +153,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -153,7 +153,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_RSA_RC4_128_MD5, SSL3_TXT_RSA_RC4_128_MD5,
SSL3_CK_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|_SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -162,7 +162,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -162,7 +162,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_RSA_RC4_128_SHA, SSL3_TXT_RSA_RC4_128_SHA,
SSL3_CK_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA,
SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -171,7 +171,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -171,7 +171,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_RSA_RC2_40_MD5, SSL3_TXT_RSA_RC2_40_MD5,
SSL3_CK_RSA_RC2_40_MD5, SSL3_CK_RSA_RC2_40_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP|SSL_SSLV3, SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -180,7 +180,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -180,7 +180,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_RSA_IDEA_128_SHA, SSL3_TXT_RSA_IDEA_128_SHA,
SSL3_CK_RSA_IDEA_128_SHA, SSL3_CK_RSA_IDEA_128_SHA,
SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -189,7 +189,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -189,7 +189,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_RSA_DES_40_CBC_SHA, SSL3_TXT_RSA_DES_40_CBC_SHA,
SSL3_CK_RSA_DES_40_CBC_SHA, SSL3_CK_RSA_DES_40_CBC_SHA,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -198,7 +198,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -198,7 +198,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_RSA_DES_64_CBC_SHA, SSL3_TXT_RSA_DES_64_CBC_SHA,
SSL3_CK_RSA_DES_64_CBC_SHA, SSL3_CK_RSA_DES_64_CBC_SHA,
SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -207,7 +207,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -207,7 +207,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_TXT_RSA_DES_192_CBC3_SHA,
SSL3_CK_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA,
SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -218,7 +218,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -218,7 +218,7 @@ SSL_CIPHER ssl3_ciphers[]={
0, 0,
SSL3_TXT_DH_DSS_DES_40_CBC_SHA, SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
SSL3_CK_DH_DSS_DES_40_CBC_SHA, SSL3_CK_DH_DSS_DES_40_CBC_SHA,
SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -227,7 +227,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -227,7 +227,7 @@ SSL_CIPHER ssl3_ciphers[]={
0, 0,
SSL3_TXT_DH_DSS_DES_64_CBC_SHA, SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
SSL3_CK_DH_DSS_DES_64_CBC_SHA, SSL3_CK_DH_DSS_DES_64_CBC_SHA,
SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -236,7 +236,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -236,7 +236,7 @@ SSL_CIPHER ssl3_ciphers[]={
0, 0,
SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
SSL3_CK_DH_DSS_DES_192_CBC3_SHA, SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -245,7 +245,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -245,7 +245,7 @@ SSL_CIPHER ssl3_ciphers[]={
0, 0,
SSL3_TXT_DH_RSA_DES_40_CBC_SHA, SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
SSL3_CK_DH_RSA_DES_40_CBC_SHA, SSL3_CK_DH_RSA_DES_40_CBC_SHA,
SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -254,7 +254,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -254,7 +254,7 @@ SSL_CIPHER ssl3_ciphers[]={
0, 0,
SSL3_TXT_DH_RSA_DES_64_CBC_SHA, SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
SSL3_CK_DH_RSA_DES_64_CBC_SHA, SSL3_CK_DH_RSA_DES_64_CBC_SHA,
SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -263,7 +263,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -263,7 +263,7 @@ SSL_CIPHER ssl3_ciphers[]={
0, 0,
SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
SSL3_CK_DH_RSA_DES_192_CBC3_SHA, SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -274,7 +274,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -274,7 +274,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
SSL3_CK_EDH_DSS_DES_40_CBC_SHA, SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -283,7 +283,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -283,7 +283,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
SSL3_CK_EDH_DSS_DES_64_CBC_SHA, SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -292,7 +292,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -292,7 +292,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -301,7 +301,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -301,7 +301,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
SSL3_CK_EDH_RSA_DES_40_CBC_SHA, SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -310,7 +310,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -310,7 +310,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
SSL3_CK_EDH_RSA_DES_64_CBC_SHA, SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -319,7 +319,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -319,7 +319,7 @@ SSL_CIPHER ssl3_ciphers[]={
1, 1,
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -330,7 +330,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -330,7 +330,7 @@ SSL_CIPHER ssl3_ciphers[]={
0, 0,
SSL3_TXT_FZA_DMS_NULL_SHA, SSL3_TXT_FZA_DMS_NULL_SHA,
SSL3_CK_FZA_DMS_NULL_SHA, SSL3_CK_FZA_DMS_NULL_SHA,
SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -340,7 +340,7 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -340,7 +340,7 @@ SSL_CIPHER ssl3_ciphers[]={
0, 0,
SSL3_TXT_FZA_DMS_FZA_SHA, SSL3_TXT_FZA_DMS_FZA_SHA,
SSL3_CK_FZA_DMS_FZA_SHA, SSL3_CK_FZA_DMS_FZA_SHA,
SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
...@@ -350,11 +350,40 @@ SSL_CIPHER ssl3_ciphers[]={ ...@@ -350,11 +350,40 @@ SSL_CIPHER ssl3_ciphers[]={
0, 0,
SSL3_TXT_FZA_DMS_RC4_SHA, SSL3_TXT_FZA_DMS_RC4_SHA,
SSL3_CK_FZA_DMS_RC4_SHA, SSL3_CK_FZA_DMS_RC4_SHA,
SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
0, 0,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
}, },
/* New TLS Export CipherSuites */
/* Cipher 60 */
{
1,
TLS1_TXT_RSA_EXPORT56_WITH_RC4_56_MD5,
TLS1_CK_RSA_EXPORT56_WITH_RC4_56_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP56|SSL_TLSV1,
0,
SSL_ALL_CIPHERS
},
/* Cipher 61 */
{
1,
TLS1_TXT_RSA_EXPORT56_WITH_RC2_CBC_56_MD5,
TLS1_CK_RSA_EXPORT56_WITH_RC2_CBC_56_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP56|SSL_TLSV1,
0,
SSL_ALL_CIPHERS
},
/* Cipher 62 */
{
1,
TLS1_TXT_RSA_EXPORT56_WITH_DES_CBC_SHA,
TLS1_CK_RSA_EXPORT56_WITH_DES_CBC_SHA,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1,
0,
SSL_ALL_CIPHERS
},
/* end of list */ /* end of list */
}; };
...@@ -733,7 +762,7 @@ STACK *have,*pref; ...@@ -733,7 +762,7 @@ STACK *have,*pref;
{ {
c=(SSL_CIPHER *)sk_value(have,i); c=(SSL_CIPHER *)sk_value(have,i);
alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
if (alg & SSL_EXPORT) if (SSL_IS_EXPORT(alg))
{ {
ok=((alg & emask) == alg)?1:0; ok=((alg & emask) == alg)?1:0;
#ifdef CIPHER_DEBUG #ifdef CIPHER_DEBUG
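Review bot: In the last hunk, `SSL_IS_EXPORT(alg)` is applied to `alg` after it has been reduced to `c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK)`, so unless those masks overlap the export bits (their values are not shown here) the export branch is never taken and export suites are presumably checked against the non-export mask. The old `alg & SSL_EXPORT` had the same shape; since the line is being touched, test the cipher itself: `if (SSL_C_IS_EXPORT(c))`. Separately, the three new entries are tagged `SSL_TLSV1`, which this commit defines as `SSL_SSLV3`, so nothing visible here keeps them out of an SSLv3 handshake; a comment on the new table entries saying so would help. The enclosing function continues outside the hunk.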
......
...@@ -309,16 +309,16 @@ SSL *s; ...@@ -309,16 +309,16 @@ SSL *s;
/* only send if a DH key exchange, fortezza or /* only send if a DH key exchange, fortezza or
* RSA but we have a sign only certificate */ * RSA but we have a sign only certificate */
if ( s->s3->tmp.use_rsa_tmp || if (s->s3->tmp.use_rsa_tmp
(l & (SSL_DH|SSL_kFZA)) || || (l & (SSL_DH|SSL_kFZA))
((l & SSL_kRSA) && || ((l & SSL_kRSA)
((ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)|| && (ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
((l & SSL_EXPORT) && || (SSL_IS_EXPORT(l)
(EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > 512) && EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l)
) )
) )
)
) )
)
{ {
ret=ssl3_send_server_key_exchange(s); ret=ssl3_send_server_key_exchange(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
...@@ -777,7 +777,7 @@ SSL *s; ...@@ -777,7 +777,7 @@ SSL *s;
c=(SSL_CIPHER *)sk_value(sk,i); c=(SSL_CIPHER *)sk_value(sk,i);
if (c->algorithms & SSL_eNULL) if (c->algorithms & SSL_eNULL)
nc=c; nc=c;
if (c->algorithms & SSL_EXP) if (SSL_C_IS_EXPORT(c))
ec=c; ec=c;
} }
if (nc != NULL) if (nc != NULL)
...@@ -945,8 +945,7 @@ SSL *s; ...@@ -945,8 +945,7 @@ SSL *s;
if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL)) if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL))
{ {
rsa=s->ctx->default_cert->rsa_tmp_cb(s, rsa=s->ctx->default_cert->rsa_tmp_cb(s,
!(s->s3->tmp.new_cipher->algorithms !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher));
&SSL_NOT_EXP));
CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
cert->rsa_tmp=rsa; cert->rsa_tmp=rsa;
} }
...@@ -968,8 +967,7 @@ SSL *s; ...@@ -968,8 +967,7 @@ SSL *s;
dhp=cert->dh_tmp; dhp=cert->dh_tmp;
if ((dhp == NULL) && (cert->dh_tmp_cb != NULL)) if ((dhp == NULL) && (cert->dh_tmp_cb != NULL))
dhp=cert->dh_tmp_cb(s, dhp=cert->dh_tmp_cb(s,
!(s->s3->tmp.new_cipher->algorithms !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher));
&SSL_NOT_EXP));
if (dhp == NULL) if (dhp == NULL)
{ {
al=SSL_AD_HANDSHAKE_FAILURE; al=SSL_AD_HANDSHAKE_FAILURE;
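Review bot: The argument passed to `rsa_tmp_cb` and `dh_tmp_cb` has flipped polarity. The old `!(algorithms & SSL_NOT_EXP)` was non-zero for export suites; the new `!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)` is non-zero for non-export suites, because `SSL_IS_EXPORT` tests the `SSL_EXP40` bit that both export classes set. If the callbacks treat that argument as an export flag, as the old expression suggests, they will now return a temporary key of the wrong class; drop the negation in both calls: `SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) != 0`. The callbacks also receive no key length, so they cannot tell a 512-bit request from a 1024-bit one. Both calls sit in a function that extends beyond the hunks.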
......
...@@ -132,8 +132,9 @@ extern "C" { ...@@ -132,8 +132,9 @@ extern "C" {
#define SSL_TXT_MD5 "MD5" #define SSL_TXT_MD5 "MD5"
#define SSL_TXT_SHA1 "SHA1" #define SSL_TXT_SHA1 "SHA1"
#define SSL_TXT_SHA "SHA" #define SSL_TXT_SHA "SHA"
#define SSL_TXT_EXP "EXP" #define SSL_TXT_EXP40 "EXP"
#define SSL_TXT_EXPORT "EXPORT" #define SSL_TXT_EXPORT "EXPORT"
#define SSL_TXT_EXP56 "EXP56"
#define SSL_TXT_SSLV2 "SSLv2" #define SSL_TXT_SSLV2 "SSLv2"
#define SSL_TXT_SSLV3 "SSLv3" #define SSL_TXT_SSLV3 "SSLv3"
#define SSL_TXT_TLSV1 "TLSv1" #define SSL_TXT_TLSV1 "TLSv1"
...@@ -988,18 +989,18 @@ int SSL_state(SSL *ssl); ...@@ -988,18 +989,18 @@ int SSL_state(SSL *ssl);
void SSL_set_verify_result(SSL *ssl,long v); void SSL_set_verify_result(SSL *ssl,long v);
long SSL_get_verify_result(SSL *ssl); long SSL_get_verify_result(SSL *ssl);
int SSL_set_ex_data(SSL *ssl,int idx,char *data); int SSL_set_ex_data(SSL *ssl,int idx,void *data);
char *SSL_get_ex_data(SSL *ssl,int idx); void *SSL_get_ex_data(SSL *ssl,int idx);
int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(), int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int (*dup_func)(), void (*free_func)()); int (*dup_func)(), void (*free_func)());
int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,char *data); int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
char *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx); void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(), int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int (*dup_func)(), void (*free_func)()); int (*dup_func)(), void (*free_func)());
int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,char *data); int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
char *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx); void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int (*dup_func)(), void (*free_func)()); int (*dup_func)(), void (*free_func)());
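Review bot: Renaming `SSL_TXT_EXP` to `SSL_TXT_EXP40` removes a name from a header that also declares the public `SSL_*` functions, so applications that reference `SSL_TXT_EXP` would stop compiling. Keeping the old spelling as an alias costs one line: `#define SSL_TXT_EXP SSL_TXT_EXP40`. The `char *` to `void *` change on the `*_ex_data` prototypes is unrelated to the export suites and leaves `argp` in the `*_get_ex_new_index` prototypes as `char *`; it would read better as its own commit.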
......
...@@ -144,14 +144,15 @@ static SSL_CIPHER cipher_aliases[]={ ...@@ -144,14 +144,15 @@ static SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_ADH, 0,SSL_ADH, 0,SSL_AUTH_MASK|SSL_MKEY_MASK}, {0,SSL_TXT_ADH, 0,SSL_ADH, 0,SSL_AUTH_MASK|SSL_MKEY_MASK},
{0,SSL_TXT_FZA, 0,SSL_FZA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK}, {0,SSL_TXT_FZA, 0,SSL_FZA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK},
{0,SSL_TXT_EXP, 0,SSL_EXP, 0,SSL_EXP_MASK}, {0,SSL_TXT_EXP40, 0,SSL_EXP40, 0,_SSL_EXP_MASK},
{0,SSL_TXT_EXPORT,0,SSL_EXPORT,0,SSL_EXP_MASK}, {0,SSL_TXT_EXPORT,0,SSL_EXP40, 0,_SSL_EXP_MASK},
{0,SSL_TXT_SSLV2,0,SSL_SSLV2,0,SSL_SSL_MASK}, {0,SSL_TXT_EXP56, 0,SSL_EXP56, 0,_SSL_EXP_MASK},
{0,SSL_TXT_SSLV3,0,SSL_SSLV3,0,SSL_SSL_MASK}, {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,SSL_SSL_MASK},
{0,SSL_TXT_TLSV1,0,SSL_SSLV3,0,SSL_SSL_MASK}, {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,SSL_SSL_MASK},
{0,SSL_TXT_LOW, 0,SSL_LOW,0,SSL_STRONG_MASK}, {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,SSL_SSL_MASK},
{0,SSL_TXT_LOW, 0,SSL_LOW, 0,SSL_STRONG_MASK},
{0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK}, {0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK},
{0,SSL_TXT_HIGH, 0,SSL_HIGH,0,SSL_STRONG_MASK}, {0,SSL_TXT_HIGH, 0,SSL_HIGH, 0,SSL_STRONG_MASK},
}; };
static int init_ciphers=1; static int init_ciphers=1;
...@@ -615,7 +616,7 @@ SSL_CIPHER *cipher; ...@@ -615,7 +616,7 @@ SSL_CIPHER *cipher;
char *buf; char *buf;
int len; int len;
{ {
int export; int _export,pkl,kl;
char *ver,*exp; char *ver,*exp;
char *kx,*au,*enc,*mac; char *kx,*au,*enc,*mac;
unsigned long alg,alg2; unsigned long alg,alg2;
...@@ -624,8 +625,10 @@ int len; ...@@ -624,8 +625,10 @@ int len;
alg=cipher->algorithms; alg=cipher->algorithms;
alg2=cipher->algorithm2; alg2=cipher->algorithm2;
export=(alg&SSL_EXP)?1:0; _export=SSL_IS_EXPORT(alg);
exp=(export)?" export":""; pkl=SSL_EXPORT_PKEYLENGTH(alg);
kl=SSL_EXPORT_KEYLENGTH(alg);
exp=_export?" export":"";
if (alg & SSL_SSLV2) if (alg & SSL_SSLV2)
ver="SSLv2"; ver="SSLv2";
...@@ -637,7 +640,7 @@ int len; ...@@ -637,7 +640,7 @@ int len;
switch (alg&SSL_MKEY_MASK) switch (alg&SSL_MKEY_MASK)
{ {
case SSL_kRSA: case SSL_kRSA:
kx=(export)?"RSA(512)":"RSA"; kx=_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
break; break;
case SSL_kDHr: case SSL_kDHr:
kx="DH/RSA"; kx="DH/RSA";
...@@ -649,7 +652,7 @@ int len; ...@@ -649,7 +652,7 @@ int len;
kx="Fortezza"; kx="Fortezza";
break; break;
case SSL_kEDH: case SSL_kEDH:
kx=(export)?"DH(512)":"DH"; kx=_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
break; break;
default: default:
kx="unknown"; kx="unknown";
...@@ -678,16 +681,17 @@ int len; ...@@ -678,16 +681,17 @@ int len;
switch (alg&SSL_ENC_MASK) switch (alg&SSL_ENC_MASK)
{ {
case SSL_DES: case SSL_DES:
enc=export?"DES(40)":"DES(56)"; enc=(_export && kl == 5)?"DES(40)":"DES(56)";
break; break;
case SSL_3DES: case SSL_3DES:
enc="3DES(168)"; enc="3DES(168)";
break; break;
case SSL_RC4: case SSL_RC4:
enc=export?"RC4(40)":((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); enc=_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
:((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
break; break;
case SSL_RC2: case SSL_RC2:
enc=export?"RC2(40)":"RC2(128)"; enc=_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
break; break;
case SSL_IDEA: case SSL_IDEA:
enc="IDEA(128)"; enc="IDEA(128)";
...@@ -770,9 +774,9 @@ int *alg_bits; ...@@ -770,9 +774,9 @@ int *alg_bits;
a=EVP_CIPHER_key_length(enc)*8; a=EVP_CIPHER_key_length(enc)*8;
if (c->algorithms & SSL_EXP) if (SSL_C_IS_EXPORT(c))
{ {
ret=40; ret=SSL_C_EXPORT_KEYLENGTH(c)*8;
} }
else else
{ {
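Review bot: In the `cipher_aliases[]` hunk both `SSL_TXT_EXP40` ("EXP") and `SSL_TXT_EXPORT` now carry `SSL_EXP40` under `_SSL_EXP_MASK`, while the 56-bit suites get a separate `EXP56` alias whose value `0x00300000` overlaps both `SSL_EXP40` and `_SSL_NOT_EXP`. The rule-matching code is outside this hunk, but if it matches by equality then `EXP`/`EXPORT` no longer cover the 56-bit suites, and if it matches by bit test then `EXP56` also matches 40-bit and non-export suites. Deployments that switch export ciphers off by alias need to know which of these holds. Either make `EXPORT` select both classes explicitly or add a comment on the three rows stating what each alias selects, e.g. `/* EXP/EXPORT: 40-bit only; EXP56: 56-bit only */`.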
......
...@@ -1236,13 +1236,13 @@ SSL *s; ...@@ -1236,13 +1236,13 @@ SSL *s;
{ {
unsigned long alg,mask,kalg; unsigned long alg,mask,kalg;
CERT *c; CERT *c;
int i,export; int i,_export;
c=s->cert; c=s->cert;
ssl_set_cert_masks(c); ssl_set_cert_masks(c);
alg=s->s3->tmp.new_cipher->algorithms; alg=s->s3->tmp.new_cipher->algorithms;
export=(alg & SSL_EXPORT)?1:0; _export=SSL_IS_EXPORT(alg);
mask=(export)?c->export_mask:c->mask; mask=_export?c->export_mask:c->mask;
kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
if (kalg & SSL_kDHr) if (kalg & SSL_kDHr)
...@@ -1822,12 +1822,12 @@ void (*free_func)(); ...@@ -1822,12 +1822,12 @@ void (*free_func)();
int SSL_set_ex_data(s,idx,arg) int SSL_set_ex_data(s,idx,arg)
SSL *s; SSL *s;
int idx; int idx;
char *arg; void *arg;
{ {
return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
} }
char *SSL_get_ex_data(s,idx) void *SSL_get_ex_data(s,idx)
SSL *s; SSL *s;
int idx; int idx;
{ {
...@@ -1849,12 +1849,12 @@ void (*free_func)(); ...@@ -1849,12 +1849,12 @@ void (*free_func)();
int SSL_CTX_set_ex_data(s,idx,arg) int SSL_CTX_set_ex_data(s,idx,arg)
SSL_CTX *s; SSL_CTX *s;
int idx; int idx;
char *arg; void *arg;
{ {
return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
} }
char *SSL_CTX_get_ex_data(s,idx) void *SSL_CTX_get_ex_data(s,idx)
SSL_CTX *s; SSL_CTX *s;
int idx; int idx;
{ {
......
...@@ -191,14 +191,25 @@ ...@@ -191,14 +191,25 @@
#define SSL_SHA1 0x00040000L #define SSL_SHA1 0x00040000L
#define SSL_SHA (SSL_SHA1) #define SSL_SHA (SSL_SHA1)
#define SSL_EXP_MASK 0x00300000L #define _SSL_EXP_MASK 0x00300000L
#define SSL_EXP 0x00100000L #define SSL_EXP40 0x00100000L
#define SSL_NOT_EXP 0x00200000L #define _SSL_NOT_EXP 0x00200000L
#define SSL_EXPORT SSL_EXP #define SSL_EXP56 0x00300000L
#define SSL_IS_EXPORT(a) ((a)&SSL_EXP40)
#define SSL_IS_EXPORT56(a) (((a)&_SSL_EXP_MASK) == SSL_EXP56)
#define SSL_IS_EXPORT40(a) (((a)&_SSL_EXP_MASK) == SSL_EXP40)
#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algorithms)
#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algorithms)
#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algorithms)
#define SSL_EXPORT_KEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 5 : 7)
#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms)
#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algorithms)
#define SSL_SSL_MASK 0x00c00000L #define SSL_SSL_MASK 0x00c00000L
#define SSL_SSLV2 0x00400000L #define SSL_SSLV2 0x00400000L
#define SSL_SSLV3 0x00800000L #define SSL_SSLV3 0x00800000L
#define SSL_TLSV1 SSL_SSLV3 /* for now */
#define SSL_STRONG_MASK 0x07000000L #define SSL_STRONG_MASK 0x07000000L
#define SSL_LOW 0x01000000L #define SSL_LOW 0x01000000L
...@@ -208,7 +219,7 @@ ...@@ -208,7 +219,7 @@
/* we have used 0fffffff - 4 bits left to go */ /* we have used 0fffffff - 4 bits left to go */
#define SSL_ALL 0xffffffffL #define SSL_ALL 0xffffffffL
#define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\ #define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
SSL_MAC_MASK|SSL_EXP_MASK) SSL_MAC_MASK|_SSL_EXP_MASK)
/* Mostly for SSLv3 */ /* Mostly for SSLv3 */
#define SSL_PKEY_RSA_ENC 0 #define SSL_PKEY_RSA_ENC 0
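Review bot: The new length macros mix units and have a hidden precondition, and nothing in the header says so. `SSL_EXPORT_KEYLENGTH` returns bytes (5 or 7) while `SSL_EXPORT_PKEYLENGTH` returns bits (512 or 1024), and both return the 56-bit value for any input that is not `SSL_EXP40`, including non-export suites. A comment above them would prevent misuse: `/* KEYLENGTH is in bytes, PKEYLENGTH in bits; only valid when SSL_IS_EXPORT(a) is true */`. `SSL_IS_EXPORT` also yields the raw bit rather than 0 or 1, and `_SSL_EXP_MASK`/`_SSL_NOT_EXP` use the underscore-capital form that C reserves for the implementation.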
......
...@@ -94,12 +94,12 @@ void (*free_func)(); ...@@ -94,12 +94,12 @@ void (*free_func)();
int SSL_SESSION_set_ex_data(s,idx,arg) int SSL_SESSION_set_ex_data(s,idx,arg)
SSL_SESSION *s; SSL_SESSION *s;
int idx; int idx;
char *arg; void *arg;
{ {
return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
} }
char *SSL_SESSION_get_ex_data(s,idx) void *SSL_SESSION_get_ex_data(s,idx)
SSL_SESSION *s; SSL_SESSION *s;
int idx; int idx;
{ {
......
...@@ -178,9 +178,9 @@ int which; ...@@ -178,9 +178,9 @@ int which;
EVP_CIPHER *c; EVP_CIPHER *c;
SSL_COMP *comp; SSL_COMP *comp;
EVP_MD *m; EVP_MD *m;
int exp,n,i,j,k,exp_label_len,cl; int _exp,n,i,j,k,exp_label_len,cl;
exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0; _exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc; c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash; m=s->s3->tmp.new_hash;
comp=s->s3->tmp.new_compression; comp=s->s3->tmp.new_compression;
...@@ -247,7 +247,8 @@ int which; ...@@ -247,7 +247,8 @@ int which;
p=s->s3->tmp.key_block; p=s->s3->tmp.key_block;
i=EVP_MD_size(m); i=EVP_MD_size(m);
cl=EVP_CIPHER_key_length(c); cl=EVP_CIPHER_key_length(c);
j=exp ? (cl < 5 ? cl : 5) : cl; j=_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
k=EVP_CIPHER_iv_length(c); k=EVP_CIPHER_iv_length(c);
er1= &(s->s3->client_random[0]); er1= &(s->s3->client_random[0]);
...@@ -284,7 +285,7 @@ int which; ...@@ -284,7 +285,7 @@ int which;
printf("which = %04X\nmac key=",which); printf("which = %04X\nmac key=",which);
{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); } { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
#endif #endif
if (exp) if (_exp)
{ {
/* In here I set both the read and write key/iv to the /* In here I set both the read and write key/iv to the
* same value since only the correct one will be used :-). * same value since only the correct one will be used :-).
...@@ -297,7 +298,7 @@ printf("which = %04X\nmac key=",which); ...@@ -297,7 +298,7 @@ printf("which = %04X\nmac key=",which);
memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
p+=SSL3_RANDOM_SIZE; p+=SSL3_RANDOM_SIZE;
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j, tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
tmp1,tmp2,EVP_CIPHER_key_length(c)); tmp1,tmp2,EVP_CIPHER_key_length(c));
key=tmp1; key=tmp1;
if (k > 0) if (k > 0)
...@@ -347,7 +348,7 @@ SSL *s; ...@@ -347,7 +348,7 @@ SSL *s;
unsigned char *p1,*p2; unsigned char *p1,*p2;
EVP_CIPHER *c; EVP_CIPHER *c;
EVP_MD *hash; EVP_MD *hash;
int num,exp; int num;
SSL_COMP *comp; SSL_COMP *comp;
if (s->s3->tmp.key_block_length != 0) if (s->s3->tmp.key_block_length != 0)
...@@ -362,8 +363,6 @@ SSL *s; ...@@ -362,8 +363,6 @@ SSL *s;
s->s3->tmp.new_sym_enc=c; s->s3->tmp.new_sym_enc=c;
s->s3->tmp.new_hash=hash; s->s3->tmp.new_hash=hash;
exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
num*=2; num*=2;
......
...@@ -82,6 +82,14 @@ extern "C" { ...@@ -82,6 +82,14 @@ extern "C" {
#define TLS1_AD_USER_CANCLED 90 #define TLS1_AD_USER_CANCLED 90
#define TLS1_AD_NO_RENEGOTIATION 100 #define TLS1_AD_NO_RENEGOTIATION 100
#define TLS1_CK_RSA_EXPORT56_WITH_RC4_56_MD5 0x03000060
#define TLS1_CK_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 0x03000061
#define TLS1_CK_RSA_EXPORT56_WITH_DES_CBC_SHA 0x03000062
#define TLS1_TXT_RSA_EXPORT56_WITH_RC4_56_MD5 "EXP56-RC4-MD5"
#define TLS1_TXT_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 "EXP56-RC2-CBC-MD5"
#define TLS1_TXT_RSA_EXPORT56_WITH_DES_CBC_SHA "EXP56-DES-CBC-SHA"
#define TLS_CT_RSA_SIGN 1 #define TLS_CT_RSA_SIGN 1
#define TLS_CT_DSS_SIGN 2 #define TLS_CT_DSS_SIGN 2
#define TLS_CT_RSA_FIXED_DH 3 #define TLS_CT_RSA_FIXED_DH 3
......