mirror of https://github.com/openssl/openssl.git
Add support for new TLS export ciphersuites.
This commit is contained in:
Ben Laurie
parent
abf87f79f7
commit
06ab81f9f7
6
CHANGES
6
CHANGES
|
|
@ -5,6 +5,12 @@
|
|||
|
||||
Changes between 0.9.1c and 0.9.2
|
||||
|
||||
*) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
|
||||
TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
|
||||
TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
|
||||
Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
|
||||
[Ben Laurie]
|
||||
|
||||
*) Add preliminary config info for new extension code.
|
||||
[Steve Henson]
|
||||
|
||||
|
|
|
|||
|
|
@ -290,7 +290,7 @@ SSL *s;
|
|||
for (j=0; j<sk_num(sk); j++)
|
||||
{
|
||||
c=(SSL_CIPHER *)sk_value(sk,j);
|
||||
if (!(c->algorithms & SSL_EXP))
|
||||
if (!SSL_C_IS_EXPORT(c))
|
||||
{
|
||||
if ((c->id>>24L) == 2L)
|
||||
ne2=1;
|
||||
|
|
|
|||
|
|
@ -568,7 +568,7 @@ SSL *s;
|
|||
|
||||
if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
|
||||
enc=8;
|
||||
else if (sess->cipher->algorithms & SSL_EXP)
|
||||
else if (SSL_C_IS_EXPORT(sess->cipher))
|
||||
enc=5;
|
||||
else
|
||||
enc=i;
|
||||
|
|
|
|||
16
ssl/s2_lib.c
16
ssl/s2_lib.c
|
|
@ -78,7 +78,7 @@ SSL_CIPHER ssl2_ciphers[]={
|
|||
1,
|
||||
SSL2_TXT_NULL_WITH_MD5,
|
||||
SSL2_CK_NULL_WITH_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP|SSL_SSLV2,
|
||||
SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP40|SSL_SSLV2,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -88,7 +88,7 @@ SSL_CIPHER ssl2_ciphers[]={
|
|||
1,
|
||||
SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
|
||||
SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP|SSL_SSLV2,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP40|SSL_SSLV2,
|
||||
SSL2_CF_5_BYTE_ENC,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -97,7 +97,7 @@ SSL_CIPHER ssl2_ciphers[]={
|
|||
1,
|
||||
SSL2_TXT_RC4_128_WITH_MD5,
|
||||
SSL2_CK_RC4_128_WITH_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -106,7 +106,7 @@ SSL_CIPHER ssl2_ciphers[]={
|
|||
1,
|
||||
SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
|
||||
SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP|SSL_SSLV2,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP40|SSL_SSLV2,
|
||||
SSL2_CF_5_BYTE_ENC,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -115,7 +115,7 @@ SSL_CIPHER ssl2_ciphers[]={
|
|||
1,
|
||||
SSL2_TXT_RC2_128_CBC_WITH_MD5,
|
||||
SSL2_CK_RC2_128_CBC_WITH_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -124,7 +124,7 @@ SSL_CIPHER ssl2_ciphers[]={
|
|||
1,
|
||||
SSL2_TXT_IDEA_128_CBC_WITH_MD5,
|
||||
SSL2_CK_IDEA_128_CBC_WITH_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
|
||||
SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -133,7 +133,7 @@ SSL_CIPHER ssl2_ciphers[]={
|
|||
1,
|
||||
SSL2_TXT_DES_64_CBC_WITH_MD5,
|
||||
SSL2_CK_DES_64_CBC_WITH_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
|
||||
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -142,7 +142,7 @@ SSL_CIPHER ssl2_ciphers[]={
|
|||
1,
|
||||
SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
|
||||
SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
|
||||
SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
|
|||
|
|
@ -401,7 +401,7 @@ SSL *s;
|
|||
&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
|
||||
(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
|
||||
|
||||
export=(s->session->cipher->algorithms & SSL_EXP)?1:0;
|
||||
export=SSL_C_IS_EXPORT(s->session->cipher);
|
||||
|
||||
if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1689,12 +1689,13 @@ SSL *s;
|
|||
#endif
|
||||
#endif
|
||||
|
||||
if ((algs & SSL_EXP) && !has_bits(i,EVP_PKT_EXP))
|
||||
if (SSL_IS_EXPORT(algs) && !has_bits(i,EVP_PKT_EXP))
|
||||
{
|
||||
#ifndef NO_RSA
|
||||
if (algs & SSL_kRSA)
|
||||
{
|
||||
if ((rsa == NULL) || (RSA_size(rsa) > 512))
|
||||
if (rsa == NULL
|
||||
|| RSA_size(rsa) > SSL_EXPORT_PKEYLENGTH(algs))
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
|
||||
goto f_err;
|
||||
|
|
@ -1704,8 +1705,9 @@ SSL *s;
|
|||
#endif
|
||||
#ifndef NO_DH
|
||||
if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
|
||||
{
|
||||
if ((dh == NULL) || (DH_size(dh) > 512))
|
||||
{
|
||||
if (dh == NULL
|
||||
|| DH_size(dh) > SSL_EXPORT_PKEYLENGTH(algs))
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
|
||||
goto f_err;
|
||||
|
|
|
|||
|
|
@ -141,7 +141,7 @@ int which;
|
|||
MD5_CTX md;
|
||||
int exp,n,i,j,k,cl;
|
||||
|
||||
exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
|
||||
exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
|
||||
c=s->s3->tmp.new_sym_enc;
|
||||
m=s->s3->tmp.new_hash;
|
||||
if (s->s3->tmp.new_compression == NULL)
|
||||
|
|
@ -213,7 +213,8 @@ int which;
|
|||
p=s->s3->tmp.key_block;
|
||||
i=EVP_MD_size(m);
|
||||
cl=EVP_CIPHER_key_length(c);
|
||||
j=exp ? (cl < 5 ? cl : 5) : cl;
|
||||
j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
|
||||
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
|
||||
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
|
||||
k=EVP_CIPHER_iv_length(c);
|
||||
if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
|
||||
|
|
@ -283,7 +284,7 @@ SSL *s;
|
|||
unsigned char *p;
|
||||
EVP_CIPHER *c;
|
||||
EVP_MD *hash;
|
||||
int num,exp;
|
||||
int num;
|
||||
SSL_COMP *comp;
|
||||
|
||||
if (s->s3->tmp.key_block_length != 0)
|
||||
|
|
@ -299,8 +300,6 @@ SSL *s;
|
|||
s->s3->tmp.new_hash=hash;
|
||||
s->s3->tmp.new_compression=comp;
|
||||
|
||||
exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
|
||||
|
||||
num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
|
||||
num*=2;
|
||||
|
||||
|
|
|
|||
91
ssl/s3_lib.c
91
ssl/s3_lib.c
|
|
@ -77,7 +77,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_RSA_NULL_MD5,
|
||||
SSL3_CK_RSA_NULL_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
|
||||
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|_SSL_NOT_EXP|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -86,7 +86,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_RSA_NULL_SHA,
|
||||
SSL3_CK_RSA_NULL_SHA,
|
||||
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
|
||||
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -97,7 +97,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_ADH_RC4_40_MD5,
|
||||
SSL3_CK_ADH_RC4_40_MD5,
|
||||
SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3,
|
||||
SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -106,7 +106,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_ADH_RC4_128_MD5,
|
||||
SSL3_CK_ADH_RC4_128_MD5,
|
||||
SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
|
||||
SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5|_SSL_NOT_EXP|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -115,7 +115,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_ADH_DES_40_CBC_SHA,
|
||||
SSL3_CK_ADH_DES_40_CBC_SHA,
|
||||
SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
|
||||
SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -124,7 +124,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_ADH_DES_64_CBC_SHA,
|
||||
SSL3_CK_ADH_DES_64_CBC_SHA,
|
||||
SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
|
||||
SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -133,7 +133,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_ADH_DES_192_CBC_SHA,
|
||||
SSL3_CK_ADH_DES_192_CBC_SHA,
|
||||
SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
|
||||
SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -144,7 +144,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_RSA_RC4_40_MD5,
|
||||
SSL3_CK_RSA_RC4_40_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -153,7 +153,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_RSA_RC4_128_MD5,
|
||||
SSL3_CK_RSA_RC4_128_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|_SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -162,7 +162,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_RSA_RC4_128_SHA,
|
||||
SSL3_CK_RSA_RC4_128_SHA,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -171,7 +171,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_RSA_RC2_40_MD5,
|
||||
SSL3_CK_RSA_RC2_40_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP|SSL_SSLV3,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -180,7 +180,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_RSA_IDEA_128_SHA,
|
||||
SSL3_CK_RSA_IDEA_128_SHA,
|
||||
SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
|
||||
SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -189,7 +189,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_RSA_DES_40_CBC_SHA,
|
||||
SSL3_CK_RSA_DES_40_CBC_SHA,
|
||||
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
|
||||
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -198,7 +198,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_RSA_DES_64_CBC_SHA,
|
||||
SSL3_CK_RSA_DES_64_CBC_SHA,
|
||||
SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
|
||||
SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -207,7 +207,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_RSA_DES_192_CBC3_SHA,
|
||||
SSL3_CK_RSA_DES_192_CBC3_SHA,
|
||||
SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
|
||||
SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -218,7 +218,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
0,
|
||||
SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
|
||||
SSL3_CK_DH_DSS_DES_40_CBC_SHA,
|
||||
SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
|
||||
SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -227,7 +227,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
0,
|
||||
SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
|
||||
SSL3_CK_DH_DSS_DES_64_CBC_SHA,
|
||||
SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
|
||||
SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -236,7 +236,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
0,
|
||||
SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
|
||||
SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
|
||||
SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
|
||||
SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -245,7 +245,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
0,
|
||||
SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
|
||||
SSL3_CK_DH_RSA_DES_40_CBC_SHA,
|
||||
SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
|
||||
SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -254,7 +254,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
0,
|
||||
SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
|
||||
SSL3_CK_DH_RSA_DES_64_CBC_SHA,
|
||||
SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
|
||||
SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -263,7 +263,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
0,
|
||||
SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
|
||||
SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
|
||||
SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
|
||||
SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -274,7 +274,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
|
||||
SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
|
||||
SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
|
||||
SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -283,7 +283,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
|
||||
SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
|
||||
SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
|
||||
SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -292,7 +292,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
|
||||
SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
|
||||
SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
|
||||
SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -301,7 +301,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
|
||||
SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
|
||||
SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
|
||||
SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -310,7 +310,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
|
||||
SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
|
||||
SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
|
||||
SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -319,7 +319,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
1,
|
||||
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
|
||||
SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
|
||||
SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
|
||||
SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -330,7 +330,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
0,
|
||||
SSL3_TXT_FZA_DMS_NULL_SHA,
|
||||
SSL3_CK_FZA_DMS_NULL_SHA,
|
||||
SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
|
||||
SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -340,7 +340,7 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
0,
|
||||
SSL3_TXT_FZA_DMS_FZA_SHA,
|
||||
SSL3_CK_FZA_DMS_FZA_SHA,
|
||||
SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
|
||||
SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
|
@ -350,11 +350,40 @@ SSL_CIPHER ssl3_ciphers[]={
|
|||
0,
|
||||
SSL3_TXT_FZA_DMS_RC4_SHA,
|
||||
SSL3_CK_FZA_DMS_RC4_SHA,
|
||||
SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
|
||||
SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
},
|
||||
|
||||
/* New TLS Export CipherSuites */
|
||||
/* Cipher 60 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_RSA_EXPORT56_WITH_RC4_56_MD5,
|
||||
TLS1_CK_RSA_EXPORT56_WITH_RC4_56_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP56|SSL_TLSV1,
|
||||
0,
|
||||
SSL_ALL_CIPHERS
|
||||
},
|
||||
/* Cipher 61 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_RSA_EXPORT56_WITH_RC2_CBC_56_MD5,
|
||||
TLS1_CK_RSA_EXPORT56_WITH_RC2_CBC_56_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP56|SSL_TLSV1,
|
||||
0,
|
||||
SSL_ALL_CIPHERS
|
||||
},
|
||||
/* Cipher 62 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_RSA_EXPORT56_WITH_DES_CBC_SHA,
|
||||
TLS1_CK_RSA_EXPORT56_WITH_DES_CBC_SHA,
|
||||
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1,
|
||||
0,
|
||||
SSL_ALL_CIPHERS
|
||||
},
|
||||
|
||||
/* end of list */
|
||||
};
|
||||
|
||||
|
|
@ -733,7 +762,7 @@ STACK *have,*pref;
|
|||
{
|
||||
c=(SSL_CIPHER *)sk_value(have,i);
|
||||
alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
|
||||
if (alg & SSL_EXPORT)
|
||||
if (SSL_IS_EXPORT(alg))
|
||||
{
|
||||
ok=((alg & emask) == alg)?1:0;
|
||||
#ifdef CIPHER_DEBUG
|
||||
|
|
|
|||
|
|
@ -309,16 +309,16 @@ SSL *s;
|
|||
|
||||
/* only send if a DH key exchange, fortezza or
|
||||
* RSA but we have a sign only certificate */
|
||||
if ( s->s3->tmp.use_rsa_tmp ||
|
||||
(l & (SSL_DH|SSL_kFZA)) ||
|
||||
((l & SSL_kRSA) &&
|
||||
((ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)||
|
||||
((l & SSL_EXPORT) &&
|
||||
(EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > 512)
|
||||
)
|
||||
)
|
||||
if (s->s3->tmp.use_rsa_tmp
|
||||
|| (l & (SSL_DH|SSL_kFZA))
|
||||
|| ((l & SSL_kRSA)
|
||||
&& (ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
|
||||
|| (SSL_IS_EXPORT(l)
|
||||
&& EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l)
|
||||
)
|
||||
)
|
||||
)
|
||||
)
|
||||
)
|
||||
{
|
||||
ret=ssl3_send_server_key_exchange(s);
|
||||
if (ret <= 0) goto end;
|
||||
|
|
@ -777,7 +777,7 @@ SSL *s;
|
|||
c=(SSL_CIPHER *)sk_value(sk,i);
|
||||
if (c->algorithms & SSL_eNULL)
|
||||
nc=c;
|
||||
if (c->algorithms & SSL_EXP)
|
||||
if (SSL_C_IS_EXPORT(c))
|
||||
ec=c;
|
||||
}
|
||||
if (nc != NULL)
|
||||
|
|
@ -945,8 +945,7 @@ SSL *s;
|
|||
if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL))
|
||||
{
|
||||
rsa=s->ctx->default_cert->rsa_tmp_cb(s,
|
||||
!(s->s3->tmp.new_cipher->algorithms
|
||||
&SSL_NOT_EXP));
|
||||
!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher));
|
||||
CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
|
||||
cert->rsa_tmp=rsa;
|
||||
}
|
||||
|
|
@ -968,8 +967,7 @@ SSL *s;
|
|||
dhp=cert->dh_tmp;
|
||||
if ((dhp == NULL) && (cert->dh_tmp_cb != NULL))
|
||||
dhp=cert->dh_tmp_cb(s,
|
||||
!(s->s3->tmp.new_cipher->algorithms
|
||||
&SSL_NOT_EXP));
|
||||
!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher));
|
||||
if (dhp == NULL)
|
||||
{
|
||||
al=SSL_AD_HANDSHAKE_FAILURE;
|
||||
|
|
|
|||
15
ssl/ssl.h
15
ssl/ssl.h
|
|
@ -132,8 +132,9 @@ extern "C" {
|
|||
#define SSL_TXT_MD5 "MD5"
|
||||
#define SSL_TXT_SHA1 "SHA1"
|
||||
#define SSL_TXT_SHA "SHA"
|
||||
#define SSL_TXT_EXP "EXP"
|
||||
#define SSL_TXT_EXP40 "EXP"
|
||||
#define SSL_TXT_EXPORT "EXPORT"
|
||||
#define SSL_TXT_EXP56 "EXP56"
|
||||
#define SSL_TXT_SSLV2 "SSLv2"
|
||||
#define SSL_TXT_SSLV3 "SSLv3"
|
||||
#define SSL_TXT_TLSV1 "TLSv1"
|
||||
|
|
@ -988,18 +989,18 @@ int SSL_state(SSL *ssl);
|
|||
void SSL_set_verify_result(SSL *ssl,long v);
|
||||
long SSL_get_verify_result(SSL *ssl);
|
||||
|
||||
int SSL_set_ex_data(SSL *ssl,int idx,char *data);
|
||||
char *SSL_get_ex_data(SSL *ssl,int idx);
|
||||
int SSL_set_ex_data(SSL *ssl,int idx,void *data);
|
||||
void *SSL_get_ex_data(SSL *ssl,int idx);
|
||||
int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(),
|
||||
int (*dup_func)(), void (*free_func)());
|
||||
|
||||
int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,char *data);
|
||||
char *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
|
||||
int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
|
||||
void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
|
||||
int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
|
||||
int (*dup_func)(), void (*free_func)());
|
||||
|
||||
int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,char *data);
|
||||
char *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
|
||||
int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
|
||||
void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
|
||||
int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
|
||||
int (*dup_func)(), void (*free_func)());
|
||||
|
||||
|
|
|
|||
|
|
@ -144,14 +144,15 @@ static SSL_CIPHER cipher_aliases[]={
|
|||
{0,SSL_TXT_ADH, 0,SSL_ADH, 0,SSL_AUTH_MASK|SSL_MKEY_MASK},
|
||||
{0,SSL_TXT_FZA, 0,SSL_FZA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK},
|
||||
|
||||
{0,SSL_TXT_EXP, 0,SSL_EXP, 0,SSL_EXP_MASK},
|
||||
{0,SSL_TXT_EXPORT,0,SSL_EXPORT,0,SSL_EXP_MASK},
|
||||
{0,SSL_TXT_SSLV2,0,SSL_SSLV2,0,SSL_SSL_MASK},
|
||||
{0,SSL_TXT_SSLV3,0,SSL_SSLV3,0,SSL_SSL_MASK},
|
||||
{0,SSL_TXT_TLSV1,0,SSL_SSLV3,0,SSL_SSL_MASK},
|
||||
{0,SSL_TXT_LOW, 0,SSL_LOW,0,SSL_STRONG_MASK},
|
||||
{0,SSL_TXT_EXP40, 0,SSL_EXP40, 0,_SSL_EXP_MASK},
|
||||
{0,SSL_TXT_EXPORT,0,SSL_EXP40, 0,_SSL_EXP_MASK},
|
||||
{0,SSL_TXT_EXP56, 0,SSL_EXP56, 0,_SSL_EXP_MASK},
|
||||
{0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,SSL_SSL_MASK},
|
||||
{0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,SSL_SSL_MASK},
|
||||
{0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,SSL_SSL_MASK},
|
||||
{0,SSL_TXT_LOW, 0,SSL_LOW, 0,SSL_STRONG_MASK},
|
||||
{0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK},
|
||||
{0,SSL_TXT_HIGH, 0,SSL_HIGH,0,SSL_STRONG_MASK},
|
||||
{0,SSL_TXT_HIGH, 0,SSL_HIGH, 0,SSL_STRONG_MASK},
|
||||
};
|
||||
|
||||
static int init_ciphers=1;
|
||||
|
|
@ -615,7 +616,7 @@ SSL_CIPHER *cipher;
|
|||
char *buf;
|
||||
int len;
|
||||
{
|
||||
int export;
|
||||
int _export,pkl,kl;
|
||||
char *ver,*exp;
|
||||
char *kx,*au,*enc,*mac;
|
||||
unsigned long alg,alg2;
|
||||
|
|
@ -624,8 +625,10 @@ int len;
|
|||
alg=cipher->algorithms;
|
||||
alg2=cipher->algorithm2;
|
||||
|
||||
export=(alg&SSL_EXP)?1:0;
|
||||
exp=(export)?" export":"";
|
||||
_export=SSL_IS_EXPORT(alg);
|
||||
pkl=SSL_EXPORT_PKEYLENGTH(alg);
|
||||
kl=SSL_EXPORT_KEYLENGTH(alg);
|
||||
exp=_export?" export":"";
|
||||
|
||||
if (alg & SSL_SSLV2)
|
||||
ver="SSLv2";
|
||||
|
|
@ -637,7 +640,7 @@ int len;
|
|||
switch (alg&SSL_MKEY_MASK)
|
||||
{
|
||||
case SSL_kRSA:
|
||||
kx=(export)?"RSA(512)":"RSA";
|
||||
kx=_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
|
||||
break;
|
||||
case SSL_kDHr:
|
||||
kx="DH/RSA";
|
||||
|
|
@ -649,7 +652,7 @@ int len;
|
|||
kx="Fortezza";
|
||||
break;
|
||||
case SSL_kEDH:
|
||||
kx=(export)?"DH(512)":"DH";
|
||||
kx=_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
|
||||
break;
|
||||
default:
|
||||
kx="unknown";
|
||||
|
|
@ -678,16 +681,17 @@ int len;
|
|||
switch (alg&SSL_ENC_MASK)
|
||||
{
|
||||
case SSL_DES:
|
||||
enc=export?"DES(40)":"DES(56)";
|
||||
enc=(_export && kl == 5)?"DES(40)":"DES(56)";
|
||||
break;
|
||||
case SSL_3DES:
|
||||
enc="3DES(168)";
|
||||
break;
|
||||
case SSL_RC4:
|
||||
enc=export?"RC4(40)":((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
|
||||
enc=_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
|
||||
:((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
|
||||
break;
|
||||
case SSL_RC2:
|
||||
enc=export?"RC2(40)":"RC2(128)";
|
||||
enc=_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
|
||||
break;
|
||||
case SSL_IDEA:
|
||||
enc="IDEA(128)";
|
||||
|
|
@ -770,9 +774,9 @@ int *alg_bits;
|
|||
|
||||
a=EVP_CIPHER_key_length(enc)*8;
|
||||
|
||||
if (c->algorithms & SSL_EXP)
|
||||
if (SSL_C_IS_EXPORT(c))
|
||||
{
|
||||
ret=40;
|
||||
ret=SSL_C_EXPORT_KEYLENGTH(c)*8;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1236,13 +1236,13 @@ SSL *s;
|
|||
{
|
||||
unsigned long alg,mask,kalg;
|
||||
CERT *c;
|
||||
int i,export;
|
||||
int i,_export;
|
||||
|
||||
c=s->cert;
|
||||
ssl_set_cert_masks(c);
|
||||
alg=s->s3->tmp.new_cipher->algorithms;
|
||||
export=(alg & SSL_EXPORT)?1:0;
|
||||
mask=(export)?c->export_mask:c->mask;
|
||||
_export=SSL_IS_EXPORT(alg);
|
||||
mask=_export?c->export_mask:c->mask;
|
||||
kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
|
||||
|
||||
if (kalg & SSL_kDHr)
|
||||
|
|
@ -1822,12 +1822,12 @@ void (*free_func)();
|
|||
int SSL_set_ex_data(s,idx,arg)
|
||||
SSL *s;
|
||||
int idx;
|
||||
char *arg;
|
||||
void *arg;
|
||||
{
|
||||
return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
|
||||
}
|
||||
|
||||
char *SSL_get_ex_data(s,idx)
|
||||
void *SSL_get_ex_data(s,idx)
|
||||
SSL *s;
|
||||
int idx;
|
||||
{
|
||||
|
|
@ -1849,12 +1849,12 @@ void (*free_func)();
|
|||
int SSL_CTX_set_ex_data(s,idx,arg)
|
||||
SSL_CTX *s;
|
||||
int idx;
|
||||
char *arg;
|
||||
void *arg;
|
||||
{
|
||||
return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
|
||||
}
|
||||
|
||||
char *SSL_CTX_get_ex_data(s,idx)
|
||||
void *SSL_CTX_get_ex_data(s,idx)
|
||||
SSL_CTX *s;
|
||||
int idx;
|
||||
{
|
||||
|
|
|
|||
|
|
@ -191,14 +191,25 @@
|
|||
#define SSL_SHA1 0x00040000L
|
||||
#define SSL_SHA (SSL_SHA1)
|
||||
|
||||
#define SSL_EXP_MASK 0x00300000L
|
||||
#define SSL_EXP 0x00100000L
|
||||
#define SSL_NOT_EXP 0x00200000L
|
||||
#define SSL_EXPORT SSL_EXP
|
||||
#define _SSL_EXP_MASK 0x00300000L
|
||||
#define SSL_EXP40 0x00100000L
|
||||
#define _SSL_NOT_EXP 0x00200000L
|
||||
#define SSL_EXP56 0x00300000L
|
||||
#define SSL_IS_EXPORT(a) ((a)&SSL_EXP40)
|
||||
#define SSL_IS_EXPORT56(a) (((a)&_SSL_EXP_MASK) == SSL_EXP56)
|
||||
#define SSL_IS_EXPORT40(a) (((a)&_SSL_EXP_MASK) == SSL_EXP40)
|
||||
#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algorithms)
|
||||
#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algorithms)
|
||||
#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algorithms)
|
||||
#define SSL_EXPORT_KEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 5 : 7)
|
||||
#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
|
||||
#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms)
|
||||
#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algorithms)
|
||||
|
||||
#define SSL_SSL_MASK 0x00c00000L
|
||||
#define SSL_SSLV2 0x00400000L
|
||||
#define SSL_SSLV3 0x00800000L
|
||||
#define SSL_TLSV1 SSL_SSLV3 /* for now */
|
||||
|
||||
#define SSL_STRONG_MASK 0x07000000L
|
||||
#define SSL_LOW 0x01000000L
|
||||
|
|
@ -208,7 +219,7 @@
|
|||
/* we have used 0fffffff - 4 bits left to go */
|
||||
#define SSL_ALL 0xffffffffL
|
||||
#define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
|
||||
SSL_MAC_MASK|SSL_EXP_MASK)
|
||||
SSL_MAC_MASK|_SSL_EXP_MASK)
|
||||
|
||||
/* Mostly for SSLv3 */
|
||||
#define SSL_PKEY_RSA_ENC 0
|
||||
|
|
|
|||
|
|
@ -94,12 +94,12 @@ void (*free_func)();
|
|||
int SSL_SESSION_set_ex_data(s,idx,arg)
|
||||
SSL_SESSION *s;
|
||||
int idx;
|
||||
char *arg;
|
||||
void *arg;
|
||||
{
|
||||
return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
|
||||
}
|
||||
|
||||
char *SSL_SESSION_get_ex_data(s,idx)
|
||||
void *SSL_SESSION_get_ex_data(s,idx)
|
||||
SSL_SESSION *s;
|
||||
int idx;
|
||||
{
|
||||
|
|
|
|||
15
ssl/t1_enc.c
15
ssl/t1_enc.c
|
|
@ -178,9 +178,9 @@ int which;
|
|||
EVP_CIPHER *c;
|
||||
SSL_COMP *comp;
|
||||
EVP_MD *m;
|
||||
int exp,n,i,j,k,exp_label_len,cl;
|
||||
int _exp,n,i,j,k,exp_label_len,cl;
|
||||
|
||||
exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
|
||||
_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
|
||||
c=s->s3->tmp.new_sym_enc;
|
||||
m=s->s3->tmp.new_hash;
|
||||
comp=s->s3->tmp.new_compression;
|
||||
|
|
@ -247,7 +247,8 @@ int which;
|
|||
p=s->s3->tmp.key_block;
|
||||
i=EVP_MD_size(m);
|
||||
cl=EVP_CIPHER_key_length(c);
|
||||
j=exp ? (cl < 5 ? cl : 5) : cl;
|
||||
j=_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
|
||||
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
|
||||
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
|
||||
k=EVP_CIPHER_iv_length(c);
|
||||
er1= &(s->s3->client_random[0]);
|
||||
|
|
@ -284,7 +285,7 @@ int which;
|
|||
printf("which = %04X\nmac key=",which);
|
||||
{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
|
||||
#endif
|
||||
if (exp)
|
||||
if (_exp)
|
||||
{
|
||||
/* In here I set both the read and write key/iv to the
|
||||
* same value since only the correct one will be used :-).
|
||||
|
|
@ -297,7 +298,7 @@ printf("which = %04X\nmac key=",which);
|
|||
memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
|
||||
p+=SSL3_RANDOM_SIZE;
|
||||
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
|
||||
tmp1,tmp2,EVP_CIPHER_key_length(c));
|
||||
tmp1,tmp2,EVP_CIPHER_key_length(c));
|
||||
key=tmp1;
|
||||
|
||||
if (k > 0)
|
||||
|
|
@ -347,7 +348,7 @@ SSL *s;
|
|||
unsigned char *p1,*p2;
|
||||
EVP_CIPHER *c;
|
||||
EVP_MD *hash;
|
||||
int num,exp;
|
||||
int num;
|
||||
SSL_COMP *comp;
|
||||
|
||||
if (s->s3->tmp.key_block_length != 0)
|
||||
|
|
@ -362,8 +363,6 @@ SSL *s;
|
|||
s->s3->tmp.new_sym_enc=c;
|
||||
s->s3->tmp.new_hash=hash;
|
||||
|
||||
exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
|
||||
|
||||
num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
|
||||
num*=2;
|
||||
|
||||
|
|
|
|||
|
|
@ -82,6 +82,14 @@ extern "C" {
|
|||
#define TLS1_AD_USER_CANCLED 90
|
||||
#define TLS1_AD_NO_RENEGOTIATION 100
|
||||
|
||||
#define TLS1_CK_RSA_EXPORT56_WITH_RC4_56_MD5 0x03000060
|
||||
#define TLS1_CK_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 0x03000061
|
||||
#define TLS1_CK_RSA_EXPORT56_WITH_DES_CBC_SHA 0x03000062
|
||||
|
||||
#define TLS1_TXT_RSA_EXPORT56_WITH_RC4_56_MD5 "EXP56-RC4-MD5"
|
||||
#define TLS1_TXT_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 "EXP56-RC2-CBC-MD5"
|
||||
#define TLS1_TXT_RSA_EXPORT56_WITH_DES_CBC_SHA "EXP56-DES-CBC-SHA"
|
||||
|
||||
#define TLS_CT_RSA_SIGN 1
|
||||
#define TLS_CT_DSS_SIGN 2
|
||||
#define TLS_CT_RSA_FIXED_DH 3
|
||||
|
|
|
|||
Loading…
Reference in New Issue