authorjsing <>2014-07-09 11:25:42 +0000
committerjsing <>2014-07-09 11:25:42 +0000
commitc90a1a4bb021e5a2622323df8464bf574d0c4364 (patch)
tree604b9084e9f8d9e522922bc0cd6be5e22478e9ee
parent4afcbff6153d561348af47fa000f298df3693a3c (diff)
tedu the SSL export cipher handling - since we do not have enabled export
ciphers we no longer need the flags or code to support it. ok beck@ miod@
-rw-r--r--src/lib/libssl/d1_srvr.c26
-rw-r--r--src/lib/libssl/s3_clnt.c32
-rw-r--r--src/lib/libssl/s3_lib.c30
-rw-r--r--src/lib/libssl/s3_srvr.c33
-rw-r--r--src/lib/libssl/src/ssl/d1_srvr.c26
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c32
-rw-r--r--src/lib/libssl/src/ssl/s3_enc.c49
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c30
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c33
-rw-r--r--src/lib/libssl/src/ssl/ssl.h5
-rw-r--r--src/lib/libssl/src/ssl/ssl_cert.c4
-rw-r--r--src/lib/libssl/src/ssl/ssl_ciph.c64
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c71
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h55
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c64
-rw-r--r--src/lib/libssl/ssl.h5
-rw-r--r--src/lib/libssl/ssl_cert.c4
-rw-r--r--src/lib/libssl/ssl_ciph.c64
-rw-r--r--src/lib/libssl/ssl_lib.c71
-rw-r--r--src/lib/libssl/ssl_locl.h55
-rw-r--r--src/lib/libssl/t1_enc.c64
21 files changed, 93 insertions, 724 deletions
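diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index d4d564a688..c01dc77254 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.27 2014/06/30 14:13:27 tedu Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.28 2014/07/09 11:25:42 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -473,9 +473,6 @@ dtls1_accept(SSL *s)
  || (alg_k & SSL_kEECDH)
  || ((alg_k & SSL_kRSA)
  && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
- && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
- )
  )
  )
  ) {
@@ -1047,9 +1044,7 @@ dtls1_send_server_key_exchange(SSL *s)
  if (type & SSL_kRSA) {
  rsa = cert->rsa_tmp;
  if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
- rsa = s->cert->rsa_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+ rsa = s->cert->rsa_tmp_cb(s, 0, 0);
  if (rsa == NULL) {
  al = SSL_AD_HANDSHAKE_FAILURE;
  SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
@@ -1070,9 +1065,7 @@ dtls1_send_server_key_exchange(SSL *s)
  if (type & SSL_kEDH) {
  dhp = cert->dh_tmp;
  if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
- dhp = s->cert->dh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+ dhp = s->cert->dh_tmp_cb(s, 0, 0);
  if (dhp == NULL) {
  al = SSL_AD_HANDSHAKE_FAILURE;
  SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_DH_KEY);
@@ -1115,11 +1108,8 @@ dtls1_send_server_key_exchange(SSL *s)
  const EC_GROUP *group;
 
  ecdhp = cert->ecdh_tmp;
- if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) {
- ecdhp = s->cert->ecdh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- }
+ if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL)
+ ecdhp = s->cert->ecdh_tmp_cb(s, 0, 0);
  if (ecdhp == NULL) {
  al = SSL_AD_HANDSHAKE_FAILURE;
  SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_ECDH_KEY);
@@ -1160,12 +1150,6 @@ dtls1_send_server_key_exchange(SSL *s)
  goto err;
  }
 
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
- (EC_GROUP_get_degree(group) > 163)) {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
- goto err;
- }
-
  /* XXX: For now, we only support ephemeral ECDH
  * keys over named (not generic) curves. For
  * supported named curves, curve_id is non-zero.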
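Review bot: The temp-key callbacks in dtls1_send_server_key_exchange (`rsa_tmp_cb`, `dh_tmp_cb`, `ecdh_tmp_cb`) are now always called with `(s, 0, 0)`, so a callback that sizes its key from the `keylength` argument gets 0 on every handshake. What `SSL_C_EXPORT_PKEYLENGTH` returned for a non-export suite is defined outside this diff, so the previous value needs confirming, but a callback that passes the argument straight into key or parameter generation could fail or produce an unintended size. I would record the new contract at each call site, e.g. `/* is_export and keylength are always 0: the callback must choose its own key size */`, and say the same in the callback documentation. The same calls are in s3_srvr.c (ssl3_send_server_key_exchange) and in the src/ssl copies of both files; the function bodies start and end outside the hunks.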
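diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 0350019078..61de494244 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.72 2014/06/21 20:27:25 tedu Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.73 2014/07/09 11:25:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1490,14 +1490,6 @@ ssl3_get_key_exchange(SSL *s)
 
  group = EC_KEY_get0_group(ecdh);
 
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
- (EC_GROUP_get_degree(group) > 163)) {
- al = SSL_AD_EXPORT_RESTRICTION;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
- SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
- goto f_err;
- }
-
  p += 3;
 
  /* Next, get the encoded ECPoint */
@@ -2824,28 +2816,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
  goto f_err;
  }
 
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
- !has_bits(i, EVP_PKT_EXP)) {
- if (alg_k & SSL_kRSA) {
- if (rsa == NULL || RSA_size(rsa) * 8 >
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
- SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
- goto f_err;
- }
- } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
- if (dh == NULL || DH_size(dh) * 8 >
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
- SSL_R_MISSING_EXPORT_TMP_DH_KEY);
- goto f_err;
- }
- } else {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
- SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
- goto f_err;
- }
- }
  return (1);
 f_err:
  ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);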
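diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index d07d7e7cbc..5c4e530d34 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.66 2014/07/09 11:10:51 bcook Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.67 2014/07/09 11:25:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -210,7 +210,7 @@ SSL_CIPHER ssl3_ciphers[] = {
  .algorithm_enc = SSL_RC4,
  .algorithm_mac = SSL_MD5,
  .algorithm_ssl = SSL_SSLV3,
- .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algo_strength = 0,
  .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  .strength_bits = 40,
  .alg_bits = 128,
@@ -258,7 +258,7 @@ SSL_CIPHER ssl3_ciphers[] = {
  .algorithm_enc = SSL_RC2,
  .algorithm_mac = SSL_MD5,
  .algorithm_ssl = SSL_SSLV3,
- .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algo_strength = 0,
  .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  .strength_bits = 40,
  .alg_bits = 128,
@@ -292,7 +292,7 @@ SSL_CIPHER ssl3_ciphers[] = {
  .algorithm_enc = SSL_DES,
  .algorithm_mac = SSL_SHA1,
  .algorithm_ssl = SSL_SSLV3,
- .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algo_strength = 0,
  .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  .strength_bits = 40,
  .alg_bits = 56,
@@ -341,7 +341,7 @@ SSL_CIPHER ssl3_ciphers[] = {
  .algorithm_enc = SSL_DES,
  .algorithm_mac = SSL_SHA1,
  .algorithm_ssl = SSL_SSLV3,
- .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algo_strength = 0,
  .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  .strength_bits = 40,
  .alg_bits = 56,
@@ -389,7 +389,7 @@ SSL_CIPHER ssl3_ciphers[] = {
  .algorithm_enc = SSL_DES,
  .algorithm_mac = SSL_SHA1,
  .algorithm_ssl = SSL_SSLV3,
- .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algo_strength = 0,
  .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  .strength_bits = 40,
  .alg_bits = 56,
@@ -438,7 +438,7 @@ SSL_CIPHER ssl3_ciphers[] = {
  .algorithm_enc = SSL_DES,
  .algorithm_mac = SSL_SHA1,
  .algorithm_ssl = SSL_SSLV3,
- .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algo_strength = 0,
  .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  .strength_bits = 40,
  .alg_bits = 56,
@@ -486,7 +486,7 @@ SSL_CIPHER ssl3_ciphers[] = {
  .algorithm_enc = SSL_DES,
  .algorithm_mac = SSL_SHA1,
  .algorithm_ssl = SSL_SSLV3,
- .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algo_strength = 0,
  .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  .strength_bits = 40,
  .alg_bits = 56,
@@ -534,7 +534,7 @@ SSL_CIPHER ssl3_ciphers[] = {
  .algorithm_enc = SSL_RC4,
  .algorithm_mac = SSL_MD5,
  .algorithm_ssl = SSL_SSLV3,
- .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algo_strength = 0,
  .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  .strength_bits = 40,
  .alg_bits = 128,
@@ -566,7 +566,7 @@ SSL_CIPHER ssl3_ciphers[] = {
  .algorithm_enc = SSL_DES,
  .algorithm_mac = SSL_SHA1,
  .algorithm_ssl = SSL_SSLV3,
- .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algo_strength = 0,
  .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  .strength_bits = 40,
  .alg_bits = 128,
@@ -2999,7 +2999,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
  int ec_ok, ec_nid;
  unsigned char ec_search1 = 0, ec_search2 = 0;
  CERT *cert;
- unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
+ unsigned long alg_k, alg_a, mask_k, mask_a;
 
  /* Let's see which ciphers we can support */
  cert = s->cert;
@@ -3030,8 +3030,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
  ssl_set_cert_masks(cert, c);
  mask_k = cert->mask_k;
  mask_a = cert->mask_a;
- emask_k = cert->export_mask_k;
- emask_a = cert->export_mask_a;
 
  alg_k = c->algorithm_mkey;
  alg_a = c->algorithm_auth;
@@ -3042,11 +3040,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
  continue;
 #endif /* OPENSSL_NO_PSK */
 
- if (SSL_C_IS_EXPORT(c)) {
- ok = (alg_k & emask_k) && (alg_a & emask_a);
- } else {
- ok = (alg_k & mask_k) && (alg_a & mask_a);
- }
+ ok = (alg_k & mask_k) && (alg_a & mask_a);
 
  if (
  /*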
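Review bot: The nine `ssl3_ciphers[]` entries that change to `.algo_strength = 0` still carry `.strength_bits = 40`, so after this commit that number is the only thing in the entry marking them as weak. If any of them is still selectable (the `.valid` field is outside these hunks), or if cipher-string rules classify suites through `algo_strength`, an exclusion written against the export class would presumably stop matching them. Deleting the 40-bit entries in the same change would be the safer end state; failing that, each one should get a comment such as `/* 40-bit suite, formerly SSL_EXPORT|SSL_EXP40: must remain disabled */`. The src/ssl copy of s3_lib.c carries the same hunks.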
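diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index a3387040a9..f24d0f9cf8 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.67 2014/06/30 14:13:27 tedu Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.68 2014/07/09 11:25:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -435,11 +435,7 @@ ssl3_accept(SSL *s)
  || ((alg_k & SSL_kRSA)
  && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey ==
  NULL
- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
- && EVP_PKEY_size(
- s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) * 8
- > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher
- ))))) {
+ ))) {
  ret = ssl3_send_server_key_exchange(s);
  if (ret <= 0)
  goto end;
@@ -1296,8 +1292,6 @@ ssl3_get_client_hello(SSL *s)
  c = sk_SSL_CIPHER_value(sk, i);
  if (c->algorithm_enc & SSL_eNULL)
  nc = c;
- if (SSL_C_IS_EXPORT(c))
- ec = c;
  }
  if (nc != NULL)
  s->s3->tmp.new_cipher = nc;
@@ -1508,9 +1502,7 @@ ssl3_send_server_key_exchange(SSL *s)
  if (type & SSL_kRSA) {
  rsa = cert->rsa_tmp;
  if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
- rsa = s->cert->rsa_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+ rsa = s->cert->rsa_tmp_cb(s, 0, 0);
  if (rsa == NULL) {
  al = SSL_AD_HANDSHAKE_FAILURE;
  SSLerr(
@@ -1534,9 +1526,7 @@ ssl3_send_server_key_exchange(SSL *s)
  if (type & SSL_kEDH) {
  dhp = cert->dh_tmp;
  if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
- dhp = s->cert->dh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+ dhp = s->cert->dh_tmp_cb(s, 0, 0);
  if (dhp == NULL) {
  al = SSL_AD_HANDSHAKE_FAILURE;
  SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
@@ -1584,12 +1574,8 @@ ssl3_send_server_key_exchange(SSL *s)
  const EC_GROUP *group;
 
  ecdhp = cert->ecdh_tmp;
- if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) {
- ecdhp = s->cert->ecdh_tmp_cb(
- s, SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(
- s->s3->tmp.new_cipher));
- }
+ if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL)
+ ecdhp = s->cert->ecdh_tmp_cb(s, 0, 0);
  if (ecdhp == NULL) {
  al = SSL_AD_HANDSHAKE_FAILURE;
  SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
@@ -1634,13 +1620,6 @@ ssl3_send_server_key_exchange(SSL *s)
  goto err;
  }
 
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
- (EC_GROUP_get_degree(group) > 163)) {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
- SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
- goto err;
- }
-
  /*
  * XXX: For now, we only support ephemeral ECDH
  * keys over named (not generic) curves. For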
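Review bot: In the ssl3_get_client_hello hunk the loop no longer assigns `ec`, while the surviving lines still pick a cipher with `SSL_eNULL` into `nc` and then set `s->s3->tmp.new_cipher = nc`. If the code just after the hunk still tests `ec`, that branch is now dead and the local should go with it; those lines are outside the visible hunk, so this needs checking. The remaining `nc` path installs a NULL-encryption suite as the session's new cipher, which deserves at least a comment such as `/* compat path: switches to a NULL-encryption cipher, candidate for removal */`, or removal together with the export handling. The src/ssl copy of s3_srvr.c is listed in the diffstat with the same change count and presumably needs the same treatment.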
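diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index d4d564a688..c01dc77254 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.27 2014/06/30 14:13:27 tedu Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.28 2014/07/09 11:25:42 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -473,9 +473,6 @@ dtls1_accept(SSL *s)
  || (alg_k & SSL_kEECDH)
  || ((alg_k & SSL_kRSA)
  && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
- && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
- )
  )
  )
  ) {
@@ -1047,9 +1044,7 @@ dtls1_send_server_key_exchange(SSL *s)
  if (type & SSL_kRSA) {
  rsa = cert->rsa_tmp;
  if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
- rsa = s->cert->rsa_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+ rsa = s->cert->rsa_tmp_cb(s, 0, 0);
  if (rsa == NULL) {
  al = SSL_AD_HANDSHAKE_FAILURE;
  SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
@@ -1070,9 +1065,7 @@ dtls1_send_server_key_exchange(SSL *s)
  if (type & SSL_kEDH) {
  dhp = cert->dh_tmp;
  if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
- dhp = s->cert->dh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+ dhp = s->cert->dh_tmp_cb(s, 0, 0);
  if (dhp == NULL) {
  al = SSL_AD_HANDSHAKE_FAILURE;
  SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_DH_KEY);
@@ -1115,11 +1108,8 @@ dtls1_send_server_key_exchange(SSL *s)
  const EC_GROUP *group;
 
  ecdhp = cert->ecdh_tmp;
- if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) {
- ecdhp = s->cert->ecdh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- }
+ if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL)
+ ecdhp = s->cert->ecdh_tmp_cb(s, 0, 0);
  if (ecdhp == NULL) {
  al = SSL_AD_HANDSHAKE_FAILURE;
  SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_ECDH_KEY);
@@ -1160,12 +1150,6 @@ dtls1_send_server_key_exchange(SSL *s)
  goto err;
  }
 
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
- (EC_GROUP_get_degree(group) > 163)) {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
- goto err;
- }
-
  /* XXX: For now, we only support ephemeral ECDH
  * keys over named (not generic) curves. For
  * supported named curves, curve_id is non-zero.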
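diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 0350019078..61de494244 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.72 2014/06/21 20:27:25 tedu Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.73 2014/07/09 11:25:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1490,14 +1490,6 @@ ssl3_get_key_exchange(SSL *s)
 
  group = EC_KEY_get0_group(ecdh);
 
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
- (EC_GROUP_get_degree(group) > 163)) {
- al = SSL_AD_EXPORT_RESTRICTION;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
- SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
- goto f_err;
- }
-
  p += 3;
 
  /* Next, get the encoded ECPoint */
@@ -2824,28 +2816,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
  goto f_err;
  }
 
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
- !has_bits(i, EVP_PKT_EXP)) {
- if (alg_k & SSL_kRSA) {
- if (rsa == NULL || RSA_size(rsa) * 8 >
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
- SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
- goto f_err;
- }
- } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
- if (dh == NULL || DH_size(dh) * 8 >
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
- SSL_R_MISSING_EXPORT_TMP_DH_KEY);
- goto f_err;
- }
- } else {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
- SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
- goto f_err;
- }
- }
  return (1);
 f_err:
  ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);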
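diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index dfb4c283f1..5111e0e4fa 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_enc.c,v 1.50 2014/06/18 04:50:44 miod Exp $ */
+/* $OpenBSD: s3_enc.c,v 1.51 2014/07/09 11:25:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -218,21 +218,17 @@ ssl3_change_cipher_state(SSL *s, int which)
  const unsigned char *client_write_key, *server_write_key;
  const unsigned char *client_write_iv, *server_write_iv;
  const unsigned char *mac_secret, *key, *iv;
- unsigned char *key_block, *er1, *er2;
- unsigned char export_key[EVP_MAX_KEY_LENGTH];
- unsigned char export_iv[EVP_MAX_IV_LENGTH];
- int is_export, mac_len, key_len, iv_len;
+ unsigned char *key_block;
+ int mac_len, key_len, iv_len;
  char is_read, use_client_keys;
  EVP_CIPHER_CTX *cipher_ctx;
  const EVP_CIPHER *cipher;
- EVP_MD_CTX mac_ctx;
  const EVP_MD *mac;
 
 #ifndef OPENSSL_NO_COMP
  const SSL_COMP *comp;
 #endif
 
- is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
  cipher = s->s3->tmp.new_sym_enc;
  mac = s->s3->tmp.new_hash;
 
@@ -320,10 +316,6 @@ ssl3_change_cipher_state(SSL *s, int which)
  if (mac_len < 0)
  goto err2;
 
- if (is_export &&
- key_len > SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher))
- key_len = SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher);
-
  key_block = s->s3->tmp.key_block;
  client_write_mac_secret = key_block;
  key_block += mac_len;
@@ -342,14 +334,10 @@ ssl3_change_cipher_state(SSL *s, int which)
  mac_secret = client_write_mac_secret;
  key = client_write_key;
  iv = client_write_iv;
- er1 = s->s3->client_random;
- er2 = s->s3->server_random;
  } else {
  mac_secret = server_write_mac_secret;
  key = server_write_key;
  iv = server_write_iv;
- er1 = s->s3->server_random;
- er2 = s->s3->client_random;
  }
 
  if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) {
@@ -359,36 +347,9 @@ ssl3_change_cipher_state(SSL *s, int which)
 
  memcpy(is_read ? s->s3->read_mac_secret : s->s3->write_mac_secret,
  mac_secret, mac_len);
-
- EVP_MD_CTX_init(&mac_ctx);
- if (is_export) {
- /* In here I set both the read and write key/iv to the
- * same value since only the correct one will be used :-).
- */
- EVP_DigestInit_ex(&mac_ctx, EVP_md5(), NULL);
- EVP_DigestUpdate(&mac_ctx, key, key_len);
- EVP_DigestUpdate(&mac_ctx, er1, SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&mac_ctx, er2, SSL3_RANDOM_SIZE);
- EVP_DigestFinal_ex(&mac_ctx, export_key, NULL);
- key = export_key;
-
- if (iv_len > 0) {
- EVP_DigestInit_ex(&mac_ctx, EVP_md5(), NULL);
- EVP_DigestUpdate(&mac_ctx, er1, SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&mac_ctx, er2, SSL3_RANDOM_SIZE);
- EVP_DigestFinal_ex(&mac_ctx, export_iv, NULL);
- iv = export_iv;
- }
- }
 
  EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, iv, !is_read);
 
- if (is_export) {
- OPENSSL_cleanse(export_key, sizeof(export_key));
- OPENSSL_cleanse(export_iv, sizeof(export_iv));
- }
-
- EVP_MD_CTX_cleanup(&mac_ctx);
  return (1);
 err:
  SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
@@ -432,10 +393,6 @@ ssl3_setup_key_block(SSL *s)
  if (mac_len < 0)
  return 0;
 
- if (SSL_C_IS_EXPORT(s->session->cipher) &&
- key_len > SSL_C_EXPORT_KEYLENGTH(s->session->cipher))
- key_len = SSL_C_EXPORT_KEYLENGTH(s->session->cipher);
-
  key_block_len = (mac_len + key_len + iv_len) * 2;
 
  ssl3_cleanup_key_block(s);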
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index d07d7e7cbc..5c4e530d34 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.66 2014/07/09 11:10:51 bcook Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.67 2014/07/09 11:25:42 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -210,7 +210,7 @@ SSL_CIPHER ssl3_ciphers[] = {
210 .algorithm_enc = SSL_RC4, 210 .algorithm_enc = SSL_RC4,
211 .algorithm_mac = SSL_MD5, 211 .algorithm_mac = SSL_MD5,
212 .algorithm_ssl = SSL_SSLV3, 212 .algorithm_ssl = SSL_SSLV3,
213 .algo_strength = SSL_EXPORT|SSL_EXP40, 213 .algo_strength = 0,
214 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 214 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
215 .strength_bits = 40, 215 .strength_bits = 40,
216 .alg_bits = 128, 216 .alg_bits = 128,
@@ -258,7 +258,7 @@ SSL_CIPHER ssl3_ciphers[] = {
258 .algorithm_enc = SSL_RC2, 258 .algorithm_enc = SSL_RC2,
259 .algorithm_mac = SSL_MD5, 259 .algorithm_mac = SSL_MD5,
260 .algorithm_ssl = SSL_SSLV3, 260 .algorithm_ssl = SSL_SSLV3,
261 .algo_strength = SSL_EXPORT|SSL_EXP40, 261 .algo_strength = 0,
262 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 262 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
263 .strength_bits = 40, 263 .strength_bits = 40,
264 .alg_bits = 128, 264 .alg_bits = 128,
@@ -292,7 +292,7 @@ SSL_CIPHER ssl3_ciphers[] = {
292 .algorithm_enc = SSL_DES, 292 .algorithm_enc = SSL_DES,
293 .algorithm_mac = SSL_SHA1, 293 .algorithm_mac = SSL_SHA1,
294 .algorithm_ssl = SSL_SSLV3, 294 .algorithm_ssl = SSL_SSLV3,
295 .algo_strength = SSL_EXPORT|SSL_EXP40, 295 .algo_strength = 0,
296 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 296 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
297 .strength_bits = 40, 297 .strength_bits = 40,
298 .alg_bits = 56, 298 .alg_bits = 56,
@@ -341,7 +341,7 @@ SSL_CIPHER ssl3_ciphers[] = {
341 .algorithm_enc = SSL_DES, 341 .algorithm_enc = SSL_DES,
342 .algorithm_mac = SSL_SHA1, 342 .algorithm_mac = SSL_SHA1,
343 .algorithm_ssl = SSL_SSLV3, 343 .algorithm_ssl = SSL_SSLV3,
344 .algo_strength = SSL_EXPORT|SSL_EXP40, 344 .algo_strength = 0,
345 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 345 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
346 .strength_bits = 40, 346 .strength_bits = 40,
347 .alg_bits = 56, 347 .alg_bits = 56,
@@ -389,7 +389,7 @@ SSL_CIPHER ssl3_ciphers[] = {
389 .algorithm_enc = SSL_DES, 389 .algorithm_enc = SSL_DES,
390 .algorithm_mac = SSL_SHA1, 390 .algorithm_mac = SSL_SHA1,
391 .algorithm_ssl = SSL_SSLV3, 391 .algorithm_ssl = SSL_SSLV3,
392 .algo_strength = SSL_EXPORT|SSL_EXP40, 392 .algo_strength = 0,
393 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 393 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
394 .strength_bits = 40, 394 .strength_bits = 40,
395 .alg_bits = 56, 395 .alg_bits = 56,
@@ -438,7 +438,7 @@ SSL_CIPHER ssl3_ciphers[] = {
438 .algorithm_enc = SSL_DES, 438 .algorithm_enc = SSL_DES,
439 .algorithm_mac = SSL_SHA1, 439 .algorithm_mac = SSL_SHA1,
440 .algorithm_ssl = SSL_SSLV3, 440 .algorithm_ssl = SSL_SSLV3,
441 .algo_strength = SSL_EXPORT|SSL_EXP40, 441 .algo_strength = 0,
442 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 442 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
443 .strength_bits = 40, 443 .strength_bits = 40,
444 .alg_bits = 56, 444 .alg_bits = 56,
@@ -486,7 +486,7 @@ SSL_CIPHER ssl3_ciphers[] = {
486 .algorithm_enc = SSL_DES, 486 .algorithm_enc = SSL_DES,
487 .algorithm_mac = SSL_SHA1, 487 .algorithm_mac = SSL_SHA1,
488 .algorithm_ssl = SSL_SSLV3, 488 .algorithm_ssl = SSL_SSLV3,
489 .algo_strength = SSL_EXPORT|SSL_EXP40, 489 .algo_strength = 0,
490 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 490 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
491 .strength_bits = 40, 491 .strength_bits = 40,
492 .alg_bits = 56, 492 .alg_bits = 56,
@@ -534,7 +534,7 @@ SSL_CIPHER ssl3_ciphers[] = {
534 .algorithm_enc = SSL_RC4, 534 .algorithm_enc = SSL_RC4,
535 .algorithm_mac = SSL_MD5, 535 .algorithm_mac = SSL_MD5,
536 .algorithm_ssl = SSL_SSLV3, 536 .algorithm_ssl = SSL_SSLV3,
537 .algo_strength = SSL_EXPORT|SSL_EXP40, 537 .algo_strength = 0,
538 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 538 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
539 .strength_bits = 40, 539 .strength_bits = 40,
540 .alg_bits = 128, 540 .alg_bits = 128,
@@ -566,7 +566,7 @@ SSL_CIPHER ssl3_ciphers[] = {
566 .algorithm_enc = SSL_DES, 566 .algorithm_enc = SSL_DES,
567 .algorithm_mac = SSL_SHA1, 567 .algorithm_mac = SSL_SHA1,
568 .algorithm_ssl = SSL_SSLV3, 568 .algorithm_ssl = SSL_SSLV3,
569 .algo_strength = SSL_EXPORT|SSL_EXP40, 569 .algo_strength = 0,
570 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 570 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
571 .strength_bits = 40, 571 .strength_bits = 40,
572 .alg_bits = 128, 572 .alg_bits = 128,
@@ -2999,7 +2999,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2999 int ec_ok, ec_nid; 2999 int ec_ok, ec_nid;
3000 unsigned char ec_search1 = 0, ec_search2 = 0; 3000 unsigned char ec_search1 = 0, ec_search2 = 0;
3001 CERT *cert; 3001 CERT *cert;
3002 unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a; 3002 unsigned long alg_k, alg_a, mask_k, mask_a;
3003 3003
3004 /* Let's see which ciphers we can support */ 3004 /* Let's see which ciphers we can support */
3005 cert = s->cert; 3005 cert = s->cert;
@@ -3030,8 +3030,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3030 ssl_set_cert_masks(cert, c); 3030 ssl_set_cert_masks(cert, c);
3031 mask_k = cert->mask_k; 3031 mask_k = cert->mask_k;
3032 mask_a = cert->mask_a; 3032 mask_a = cert->mask_a;
3033 emask_k = cert->export_mask_k;
3034 emask_a = cert->export_mask_a;
3035 3033
3036 alg_k = c->algorithm_mkey; 3034 alg_k = c->algorithm_mkey;
3037 alg_a = c->algorithm_auth; 3035 alg_a = c->algorithm_auth;
@@ -3042,11 +3040,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3042 continue; 3040 continue;
3043#endif /* OPENSSL_NO_PSK */ 3041#endif /* OPENSSL_NO_PSK */
3044 3042
3045 if (SSL_C_IS_EXPORT(c)) { 3043 ok = (alg_k & mask_k) && (alg_a & mask_a);
3046 ok = (alg_k & emask_k) && (alg_a & emask_a);
3047 } else {
3048 ok = (alg_k & mask_k) && (alg_a & mask_a);
3049 }
3050 3044
3051 if ( 3045 if (
3052 /* 3046 /*
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index a3387040a9..f24d0f9cf8 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.67 2014/06/30 14:13:27 tedu Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.68 2014/07/09 11:25:42 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -435,11 +435,7 @@ ssl3_accept(SSL *s)
435 || ((alg_k & SSL_kRSA) 435 || ((alg_k & SSL_kRSA)
436 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == 436 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey ==
437 NULL 437 NULL
438 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) 438 ))) {
439 && EVP_PKEY_size(
440 s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) * 8
441 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher
442 ))))) {
443 ret = ssl3_send_server_key_exchange(s); 439 ret = ssl3_send_server_key_exchange(s);
444 if (ret <= 0) 440 if (ret <= 0)
445 goto end; 441 goto end;
@@ -1296,8 +1292,6 @@ ssl3_get_client_hello(SSL *s)
1296 c = sk_SSL_CIPHER_value(sk, i); 1292 c = sk_SSL_CIPHER_value(sk, i);
1297 if (c->algorithm_enc & SSL_eNULL) 1293 if (c->algorithm_enc & SSL_eNULL)
1298 nc = c; 1294 nc = c;
1299 if (SSL_C_IS_EXPORT(c))
1300 ec = c;
1301 } 1295 }
1302 if (nc != NULL) 1296 if (nc != NULL)
1303 s->s3->tmp.new_cipher = nc; 1297 s->s3->tmp.new_cipher = nc;
@@ -1508,9 +1502,7 @@ ssl3_send_server_key_exchange(SSL *s)
1508 if (type & SSL_kRSA) { 1502 if (type & SSL_kRSA) {
1509 rsa = cert->rsa_tmp; 1503 rsa = cert->rsa_tmp;
1510 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { 1504 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
1511 rsa = s->cert->rsa_tmp_cb(s, 1505 rsa = s->cert->rsa_tmp_cb(s, 0, 0);
1512 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1513 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1514 if (rsa == NULL) { 1506 if (rsa == NULL) {
1515 al = SSL_AD_HANDSHAKE_FAILURE; 1507 al = SSL_AD_HANDSHAKE_FAILURE;
1516 SSLerr( 1508 SSLerr(
@@ -1534,9 +1526,7 @@ ssl3_send_server_key_exchange(SSL *s)
1534 if (type & SSL_kEDH) { 1526 if (type & SSL_kEDH) {
1535 dhp = cert->dh_tmp; 1527 dhp = cert->dh_tmp;
1536 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) 1528 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
1537 dhp = s->cert->dh_tmp_cb(s, 1529 dhp = s->cert->dh_tmp_cb(s, 0, 0);
1538 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1539 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1540 if (dhp == NULL) { 1530 if (dhp == NULL) {
1541 al = SSL_AD_HANDSHAKE_FAILURE; 1531 al = SSL_AD_HANDSHAKE_FAILURE;
1542 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1532 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
@@ -1584,12 +1574,8 @@ ssl3_send_server_key_exchange(SSL *s)
1584 const EC_GROUP *group; 1574 const EC_GROUP *group;
1585 1575
1586 ecdhp = cert->ecdh_tmp; 1576 ecdhp = cert->ecdh_tmp;
1587 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) { 1577 if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL)
1588 ecdhp = s->cert->ecdh_tmp_cb( 1578 ecdhp = s->cert->ecdh_tmp_cb(s, 0, 0);
1589 s, SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1590 SSL_C_EXPORT_PKEYLENGTH(
1591 s->s3->tmp.new_cipher));
1592 }
1593 if (ecdhp == NULL) { 1579 if (ecdhp == NULL) {
1594 al = SSL_AD_HANDSHAKE_FAILURE; 1580 al = SSL_AD_HANDSHAKE_FAILURE;
1595 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1581 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
@@ -1634,13 +1620,6 @@ ssl3_send_server_key_exchange(SSL *s)
1634 goto err; 1620 goto err;
1635 } 1621 }
1636 1622
1637 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1638 (EC_GROUP_get_degree(group) > 163)) {
1639 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1640 SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1641 goto err;
1642 }
1643
1644 /* 1623 /*
1645 * XXX: For now, we only support ephemeral ECDH 1624 * XXX: For now, we only support ephemeral ECDH
1646 * keys over named (not generic) curves. For 1625 * keys over named (not generic) curves. For
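Review bot: The three temporary-key callbacks in ssl3_send_server_key_exchange are now invoked as `(s, 0, 0)`, which changes the key length an application callback sees for ordinary ciphers. The removed `SSL_C_EXPORT_PKEYLENGTH` macro (see the ssl_locl.h section) evaluated to 1024 whenever the cipher was not EXP40, so non-export handshakes used to pass `keysize` 1024, not 0. A callback that picks RSA or DH parameters by switching on that argument may now return NULL, which the code right after each call turns into `SSL_AD_HANDSHAKE_FAILURE`, or may take a branch the application never expected to reach. Keeping the old value, e.g. `dhp = s->cert->dh_tmp_cb(s, 0, 1024);` and the same for `rsa_tmp_cb` and `ecdh_tmp_cb`, preserves behaviour for existing callbacks. The function body continues outside these hunks.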
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 3e09bd3521..b1eeb85c64 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl.h,v 1.56 2014/06/13 13:28:53 jsing Exp $ */ 1/* $OpenBSD: ssl.h,v 1.57 2014/07/09 11:25:42 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -222,12 +222,9 @@ extern "C" {
222 222
223/* These are used to specify which ciphers to use and not to use */ 223/* These are used to specify which ciphers to use and not to use */
224 224
225#define SSL_TXT_EXP40 "EXPORT40"
226#define SSL_TXT_EXP56 "EXPORT56"
227#define SSL_TXT_LOW "LOW" 225#define SSL_TXT_LOW "LOW"
228#define SSL_TXT_MEDIUM "MEDIUM" 226#define SSL_TXT_MEDIUM "MEDIUM"
229#define SSL_TXT_HIGH "HIGH" 227#define SSL_TXT_HIGH "HIGH"
230#define SSL_TXT_FIPS "FIPS"
231 228
232#define SSL_TXT_kFZA "kFZA" /* unused! */ 229#define SSL_TXT_kFZA "kFZA" /* unused! */
233#define SSL_TXT_aFZA "aFZA" /* unused! */ 230#define SSL_TXT_aFZA "aFZA" /* unused! */
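Review bot: `SSL_TXT_FIPS` is deleted from this public header together with `SSL_TXT_EXP40` and `SSL_TXT_EXP56`, but the commit description only speaks of export ciphers, so that removal should either be mentioned or split out. All three are application-visible names, and a program that builds cipher strings from them will stop compiling. `SSL_TXT_EXP` and `SSL_TXT_EXPORT`, whose alias entries the ssl_ciph.c section deletes, are not touched in this hunk and presumably stay defined without a user. If they are kept for source compatibility, a one-line comment would help, e.g. `/* kept for source compatibility; no longer a cipher alias */`.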
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c
index 0864fe8d99..5b5ffac06f 100644
--- a/src/lib/libssl/src/ssl/ssl_cert.c
+++ b/src/lib/libssl/src/ssl/ssl_cert.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_cert.c,v 1.39 2014/06/21 09:10:30 logan Exp $ */ 1/* $OpenBSD: ssl_cert.c,v 1.40 2014/07/09 11:25:42 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -202,8 +202,6 @@ ssl_cert_dup(CERT *cert)
202 ret->valid = cert->valid; 202 ret->valid = cert->valid;
203 ret->mask_k = cert->mask_k; 203 ret->mask_k = cert->mask_k;
204 ret->mask_a = cert->mask_a; 204 ret->mask_a = cert->mask_a;
205 ret->export_mask_k = cert->export_mask_k;
206 ret->export_mask_a = cert->export_mask_a;
207 205
208 if (cert->rsa_tmp != NULL) { 206 if (cert->rsa_tmp != NULL) {
209 RSA_up_ref(cert->rsa_tmp); 207 RSA_up_ref(cert->rsa_tmp);
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index 31964ebe14..8fc05bc747 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_ciph.c,v 1.56 2014/07/08 21:50:40 jsing Exp $ */ 1/* $OpenBSD: ssl_ciph.c,v 1.57 2014/07/09 11:25:42 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -526,26 +526,8 @@ static const SSL_CIPHER cipher_aliases[] = {
526 .algorithm_ssl = SSL_TLSV1_2, 526 .algorithm_ssl = SSL_TLSV1_2,
527 }, 527 },
528 528
529 /* export flag */
530 {
531 .name = SSL_TXT_EXP,
532 .algo_strength = SSL_EXPORT,
533 },
534 {
535 .name = SSL_TXT_EXPORT,
536 .algo_strength = SSL_EXPORT,
537 },
538
539 /* strength classes */ 529 /* strength classes */
540 { 530 {
541 .name = SSL_TXT_EXP40,
542 .algo_strength = SSL_EXP40,
543 },
544 {
545 .name = SSL_TXT_EXP56,
546 .algo_strength = SSL_EXP56,
547 },
548 {
549 .name = SSL_TXT_LOW, 531 .name = SSL_TXT_LOW,
550 .algo_strength = SSL_LOW, 532 .algo_strength = SSL_LOW,
551 }, 533 },
@@ -1214,8 +1196,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
1214 continue; 1196 continue;
1215 if (alg_ssl && !(alg_ssl & cp->algorithm_ssl)) 1197 if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
1216 continue; 1198 continue;
1217 if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
1218 continue;
1219 if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) 1199 if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
1220 continue; 1200 continue;
1221 } 1201 }
@@ -1469,21 +1449,6 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
1469 alg_mac = ca_list[j]->algorithm_mac; 1449 alg_mac = ca_list[j]->algorithm_mac;
1470 } 1450 }
1471 1451
1472 if (ca_list[j]->algo_strength & SSL_EXP_MASK) {
1473 if (algo_strength & SSL_EXP_MASK) {
1474 algo_strength &=
1475 (ca_list[j]->algo_strength &
1476 SSL_EXP_MASK) | ~SSL_EXP_MASK;
1477 if (!(algo_strength & SSL_EXP_MASK)) {
1478 found = 0;
1479 break;
1480 }
1481 } else
1482 algo_strength |=
1483 ca_list[j]->algo_strength &
1484 SSL_EXP_MASK;
1485 }
1486
1487 if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { 1452 if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
1488 if (algo_strength & SSL_STRONG_MASK) { 1453 if (algo_strength & SSL_STRONG_MASK) {
1489 algo_strength &= 1454 algo_strength &=
@@ -1739,11 +1704,11 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1739char * 1704char *
1740SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) 1705SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1741{ 1706{
1742 int is_export, pkl, kl, l; 1707 int l;
1743 const char *ver, *exp_str; 1708 const char *ver;
1744 const char *kx, *au, *enc, *mac; 1709 const char *kx, *au, *enc, *mac;
1745 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; 1710 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2;
1746 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; 1711 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
1747 1712
1748 alg_mkey = cipher->algorithm_mkey; 1713 alg_mkey = cipher->algorithm_mkey;
1749 alg_auth = cipher->algorithm_auth; 1714 alg_auth = cipher->algorithm_auth;
@@ -1753,11 +1718,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1753 1718
1754 alg2 = cipher->algorithm2; 1719 alg2 = cipher->algorithm2;
1755 1720
1756 is_export = SSL_C_IS_EXPORT(cipher);
1757 pkl = SSL_C_EXPORT_PKEYLENGTH(cipher);
1758 kl = SSL_C_EXPORT_KEYLENGTH(cipher);
1759 exp_str = is_export?" export":"";
1760
1761 if (alg_ssl & SSL_SSLV2) 1721 if (alg_ssl & SSL_SSLV2)
1762 ver="SSLv2"; 1722 ver="SSLv2";
1763 else if (alg_ssl & SSL_SSLV3) 1723 else if (alg_ssl & SSL_SSLV3)
@@ -1769,7 +1729,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1769 1729
1770 switch (alg_mkey) { 1730 switch (alg_mkey) {
1771 case SSL_kRSA: 1731 case SSL_kRSA:
1772 kx = is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; 1732 kx = "RSA";
1773 break; 1733 break;
1774 case SSL_kDHr: 1734 case SSL_kDHr:
1775 kx="DH/RSA"; 1735 kx="DH/RSA";
@@ -1781,7 +1741,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1781 kx="KRB5"; 1741 kx="KRB5";
1782 break; 1742 break;
1783 case SSL_kEDH: 1743 case SSL_kEDH:
1784 kx = is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; 1744 kx = "DH";
1785 break; 1745 break;
1786 case SSL_kECDHr: 1746 case SSL_kECDHr:
1787 kx="ECDH/RSA"; 1747 kx="ECDH/RSA";
@@ -1834,17 +1794,16 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1834 1794
1835 switch (alg_enc) { 1795 switch (alg_enc) {
1836 case SSL_DES: 1796 case SSL_DES:
1837 enc = (is_export && kl == 5)?"DES(40)":"DES(56)"; 1797 enc = "DES(56)";
1838 break; 1798 break;
1839 case SSL_3DES: 1799 case SSL_3DES:
1840 enc="3DES(168)"; 1800 enc="3DES(168)";
1841 break; 1801 break;
1842 case SSL_RC4: 1802 case SSL_RC4:
1843 enc = is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") 1803 enc = alg2 & SSL2_CF_8_BYTE_ENC ? "RC4(64)" : "RC4(128)";
1844 :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
1845 break; 1804 break;
1846 case SSL_RC2: 1805 case SSL_RC2:
1847 enc = is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; 1806 enc = "RC2(128)";
1848 break; 1807 break;
1849 case SSL_IDEA: 1808 case SSL_IDEA:
1850 enc="IDEA(128)"; 1809 enc="IDEA(128)";
@@ -1903,11 +1862,10 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1903 } 1862 }
1904 1863
1905 if (buf == NULL) 1864 if (buf == NULL)
1906 l = asprintf(&buf, format, cipher->name, ver, kx, au, enc, 1865 l = asprintf(&buf, format, cipher->name, ver, kx, au, enc, mac);
1907 mac, exp_str);
1908 else { 1866 else {
1909 l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, 1867 l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc,
1910 mac, exp_str); 1868 mac);
1911 if (l >= len) 1869 if (l >= len)
1912 l = -1; 1870 l = -1;
1913 } 1871 }
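Review bot: With the `EXP`, `EXPORT`, `EXPORT40` and `EXPORT56` entries gone from cipher_aliases[], the `!EXPORT` / `!EXP` tokens that existing cipher strings commonly carry no longer name anything, and nothing in this section documents that. How ssl_cipher_process_rulestr treats a name it cannot find lies outside the hunks shown, so it is worth confirming that such a token is skipped rather than rejecting the whole string. It also means the 40-bit entries the s3_lib.c section keeps in ssl3_ciphers[] (now `.algo_strength = 0`) cannot be excluded by any strength keyword, and SSL_CIPHER_description would label them `DES(56)`, `RC4(128)` or `RC2(128)`. They rely entirely on being disabled in the table, which is not visible here. I would add a comment at the strength-class aliases such as `/* export aliases removed: "EXPORT"/"EXP" tokens in rule strings no longer match any cipher */`.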
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index f867daab0e..51772eb618 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.69 2014/06/19 21:29:51 tedu Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.70 2014/07/09 11:25:42 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1956,9 +1956,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
1956{ 1956{
1957 CERT_PKEY *cpk; 1957 CERT_PKEY *cpk;
1958 int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; 1958 int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
1959 int rsa_enc_export, dh_rsa_export, dh_dsa_export; 1959 unsigned long mask_k, mask_a;
1960 int rsa_tmp_export, dh_tmp_export, kl;
1961 unsigned long mask_k, mask_a, emask_k, emask_a;
1962 int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; 1960 int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
1963 int have_ecdh_tmp; 1961 int have_ecdh_tmp;
1964 X509 *x = NULL; 1962 X509 *x = NULL;
@@ -1968,39 +1966,25 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
1968 if (c == NULL) 1966 if (c == NULL)
1969 return; 1967 return;
1970 1968
1971 kl = SSL_C_EXPORT_PKEYLENGTH(cipher);
1972
1973 rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); 1969 rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
1974 rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
1975 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
1976 dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL); 1970 dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
1977 dh_tmp_export = (c->dh_tmp_cb != NULL ||
1978 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
1979 1971
1980 have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); 1972 have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
1981 cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); 1973 cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
1982 rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL); 1974 rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
1983 rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1984 cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); 1975 cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
1985 rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); 1976 rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
1986 cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]); 1977 cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
1987 dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); 1978 dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
1988 cpk = &(c->pkeys[SSL_PKEY_DH_RSA]); 1979 cpk = &(c->pkeys[SSL_PKEY_DH_RSA]);
1989 dh_rsa = (cpk->x509 != NULL && cpk->privatekey != NULL); 1980 dh_rsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
1990 dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1991 cpk = &(c->pkeys[SSL_PKEY_DH_DSA]); 1981 cpk = &(c->pkeys[SSL_PKEY_DH_DSA]);
1992/* FIX THIS EAY EAY EAY */ 1982/* FIX THIS EAY EAY EAY */
1993 dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL); 1983 dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
1994 dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1995 cpk = &(c->pkeys[SSL_PKEY_ECC]); 1984 cpk = &(c->pkeys[SSL_PKEY_ECC]);
1996 have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL); 1985 have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
1997 mask_k = 0; 1986 mask_k = 0;
1998 mask_a = 0; 1987 mask_a = 0;
1999 emask_k = 0;
2000 emask_a = 0;
2001
2002
2003
2004 1988
2005 cpk = &(c->pkeys[SSL_PKEY_GOST01]); 1989 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
2006 if (cpk->x509 != NULL && cpk->privatekey !=NULL) { 1990 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
@@ -2015,38 +1999,23 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2015 1999
2016 if (rsa_enc || (rsa_tmp && rsa_sign)) 2000 if (rsa_enc || (rsa_tmp && rsa_sign))
2017 mask_k|=SSL_kRSA; 2001 mask_k|=SSL_kRSA;
2018 if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
2019 emask_k|=SSL_kRSA;
2020
2021 if (dh_tmp_export)
2022 emask_k|=SSL_kEDH;
2023 2002
2024 if (dh_tmp) 2003 if (dh_tmp)
2025 mask_k|=SSL_kEDH; 2004 mask_k|=SSL_kEDH;
2026 2005
2027 if (dh_rsa) 2006 if (dh_rsa)
2028 mask_k|=SSL_kDHr; 2007 mask_k|=SSL_kDHr;
2029 if (dh_rsa_export)
2030 emask_k|=SSL_kDHr;
2031 2008
2032 if (dh_dsa) 2009 if (dh_dsa)
2033 mask_k|=SSL_kDHd; 2010 mask_k|=SSL_kDHd;
2034 if (dh_dsa_export)
2035 emask_k|=SSL_kDHd;
2036 2011
2037 if (rsa_enc || rsa_sign) { 2012 if (rsa_enc || rsa_sign)
2038 mask_a|=SSL_aRSA; 2013 mask_a|=SSL_aRSA;
2039 emask_a|=SSL_aRSA;
2040 }
2041 2014
2042 if (dsa_sign) { 2015 if (dsa_sign)
2043 mask_a|=SSL_aDSS; 2016 mask_a|=SSL_aDSS;
2044 emask_a|=SSL_aDSS;
2045 }
2046 2017
2047 mask_a|=SSL_aNULL; 2018 mask_a|=SSL_aNULL;
2048 emask_a|=SSL_aNULL;
2049
2050 2019
2051 /* 2020 /*
2052 * An ECC certificate may be usable for ECDH and/or 2021 * An ECC certificate may be usable for ECDH and/or
@@ -2069,47 +2038,30 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2069 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); 2038 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2070 } 2039 }
2071 if (ecdh_ok) { 2040 if (ecdh_ok) {
2072
2073 if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { 2041 if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
2074 mask_k|=SSL_kECDHr; 2042 mask_k|=SSL_kECDHr;
2075 mask_a|=SSL_aECDH; 2043 mask_a|=SSL_aECDH;
2076 if (ecc_pkey_size <= 163) {
2077 emask_k|=SSL_kECDHr;
2078 emask_a|=SSL_aECDH;
2079 }
2080 } 2044 }
2081
2082 if (pk_nid == NID_X9_62_id_ecPublicKey) { 2045 if (pk_nid == NID_X9_62_id_ecPublicKey) {
2083 mask_k|=SSL_kECDHe; 2046 mask_k|=SSL_kECDHe;
2084 mask_a|=SSL_aECDH; 2047 mask_a|=SSL_aECDH;
2085 if (ecc_pkey_size <= 163) {
2086 emask_k|=SSL_kECDHe;
2087 emask_a|=SSL_aECDH;
2088 }
2089 } 2048 }
2090 } 2049 }
2091 if (ecdsa_ok) { 2050 if (ecdsa_ok)
2092 mask_a|=SSL_aECDSA; 2051 mask_a|=SSL_aECDSA;
2093 emask_a|=SSL_aECDSA;
2094 }
2095 } 2052 }
2096 2053
2097 if (have_ecdh_tmp) { 2054 if (have_ecdh_tmp) {
2098 mask_k|=SSL_kEECDH; 2055 mask_k|=SSL_kEECDH;
2099 emask_k|=SSL_kEECDH;
2100 } 2056 }
2101 2057
2102#ifndef OPENSSL_NO_PSK 2058#ifndef OPENSSL_NO_PSK
2103 mask_k |= SSL_kPSK; 2059 mask_k |= SSL_kPSK;
2104 mask_a |= SSL_aPSK; 2060 mask_a |= SSL_aPSK;
2105 emask_k |= SSL_kPSK;
2106 emask_a |= SSL_aPSK;
2107#endif 2061#endif
2108 2062
2109 c->mask_k = mask_k; 2063 c->mask_k = mask_k;
2110 c->mask_a = mask_a; 2064 c->mask_a = mask_a;
2111 c->export_mask_k = emask_k;
2112 c->export_mask_a = emask_a;
2113 c->valid = 1; 2065 c->valid = 1;
2114} 2066}
2115 2067
@@ -2122,25 +2074,12 @@ int
2122ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) 2074ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2123{ 2075{
2124 unsigned long alg_k, alg_a; 2076 unsigned long alg_k, alg_a;
2125 EVP_PKEY *pkey = NULL;
2126 int keysize = 0;
2127 int signature_nid = 0, md_nid = 0, pk_nid = 0; 2077 int signature_nid = 0, md_nid = 0, pk_nid = 0;
2128 const SSL_CIPHER *cs = s->s3->tmp.new_cipher; 2078 const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
2129 2079
2130 alg_k = cs->algorithm_mkey; 2080 alg_k = cs->algorithm_mkey;
2131 alg_a = cs->algorithm_auth; 2081 alg_a = cs->algorithm_auth;
2132 2082
2133 if (SSL_C_IS_EXPORT(cs)) {
2134 /* ECDH key length in export ciphers must be <= 163 bits */
2135 pkey = X509_get_pubkey(x);
2136 if (pkey == NULL)
2137 return (0);
2138 keysize = EVP_PKEY_bits(pkey);
2139 EVP_PKEY_free(pkey);
2140 if (keysize > 163)
2141 return (0);
2142 }
2143
2144 /* This call populates the ex_flags field correctly */ 2083 /* This call populates the ex_flags field correctly */
2145 X509_check_purpose(x, -1, 0); 2084 X509_check_purpose(x, -1, 0);
2146 if ((x->sig_alg) && (x->sig_alg->algorithm)) { 2085 if ((x->sig_alg) && (x->sig_alg->algorithm)) {
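Review bot: After this change the `cipher` argument of ssl_set_cert_masks has no remaining use in the lines shown, since its only visible reader was the removed `kl = SSL_C_EXPORT_PKEYLENGTH(cipher);`. The same goes for `ecc_pkey_size`, which stays in the declaration list while both `ecc_pkey_size <= 163` tests are deleted, so any code that still computes it (outside these hunks) is dead. Because the masks now depend only on the CERT, the `ssl_set_cert_masks(cert, c)` call in ssl3_choose_cipher, which appears to sit inside the per-cipher loop, recomputes the same result each time. If the signature has to stay for callers, a comment such as `/* cipher is unused since export masks were removed; masks depend only on c */` would save the next reader the search. `use_client_keys` in tls1_change_cipher_state_cipher (t1_enc.c section) is left in the same state, and parts of both functions lie between the hunks and are not visible.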
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 228bf5b2be..2b3d1b8e44 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.55 2014/07/08 21:50:40 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.56 2014/07/09 11:25:42 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -368,63 +368,14 @@
368 (((ssl_cipher->algorithm2 >> 24) & 0xf) * 2) 368 (((ssl_cipher->algorithm2 >> 24) & 0xf) * 2)
369 369
370/* 370/*
371 * Export and cipher strength information. For each cipher we have to decide 371 * Cipher strength information.
372 * whether it is exportable or not. This information is likely to change
373 * over time, since the export control rules are no static technical issue.
374 *
375 * Independent of the export flag the cipher strength is sorted into classes.
376 * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
377 * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
378 * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
379 * since SSL_EXP64 could be similar to SSL_LOW.
380 * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
381 * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
382 * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
383 * be possible.
384 */ 372 */
385#define SSL_EXP_MASK 0x00000003L
386#define SSL_STRONG_MASK 0x000001fcL 373#define SSL_STRONG_MASK 0x000001fcL
387
388#define SSL_EXPORT 0x00000002L
389
390#define SSL_STRONG_NONE 0x00000004L 374#define SSL_STRONG_NONE 0x00000004L
391#define SSL_EXP40 0x00000008L
392#define SSL_MICRO (SSL_EXP40)
393#define SSL_EXP56 0x00000010L
394#define SSL_MINI (SSL_EXP56)
395#define SSL_LOW 0x00000020L 375#define SSL_LOW 0x00000020L
396#define SSL_MEDIUM 0x00000040L 376#define SSL_MEDIUM 0x00000040L
397#define SSL_HIGH 0x00000080L 377#define SSL_HIGH 0x00000080L
398 378
399/* we have used 000001ff - 23 bits left to go */
400
401/*
402 * Macros to check the export status and cipher strength for export ciphers.
403 * Even though the macros for EXPORT and EXPORT40/56 have similar names,
404 * their meaning is different:
405 * *_EXPORT macros check the 'exportable' status.
406 * *_EXPORT40/56 macros are used to check whether a certain cipher strength
407 * is given.
408 * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
409 * algorithm structure element to be passed (algorithms, algo_strength) and no
410 * typechecking can be done as they are all of type unsigned long, their
411 * direct usage is discouraged.
412 * Use the SSL_C_* macros instead.
413 */
414#define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)
415#define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)
416#define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)
417#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)
418#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)
419#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
420
421#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
422 (a) == SSL_DES ? 8 : 7)
423#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
424#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
425 (c)->algo_strength)
426#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
427
428/* Check if an SSL structure is using DTLS. */ 379/* Check if an SSL structure is using DTLS. */
429#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) 380#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
430 381
@@ -490,8 +441,6 @@ typedef struct cert_st {
490 int valid; 441 int valid;
491 unsigned long mask_k; 442 unsigned long mask_k;
492 unsigned long mask_a; 443 unsigned long mask_a;
493 unsigned long export_mask_k;
494 unsigned long export_mask_a;
495 RSA *rsa_tmp; 444 RSA *rsa_tmp;
496 RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize); 445 RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize);
497 DH *dh_tmp; 446 DH *dh_tmp;
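Review bot: `SSL_STRONG_MASK` stays at `0x000001fcL` although two of the bits it covers, `0x00000008L` (`SSL_EXP40`) and `0x00000010L` (`SSL_EXP56`), lose their definitions in this hunk, and the removed comment that tracked bit usage is not replaced. The mask is what ssl_cipher_apply_rule and ssl_cipher_process_rulestr test against in the ssl_ciph.c section, so someone adding a strength class needs to know those bits are free but still inside the mask. I would extend the new one-line comment, for example `/* Cipher strength classes; bits 0x08 and 0x10 (former EXP40/EXP56) are unused but still covered by SSL_STRONG_MASK. */`.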
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index 46238dc6c3..26d98522d0 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.64 2014/07/08 16:05:52 beck Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.65 2014/07/09 11:25:42 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -375,21 +375,12 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
375 const unsigned char *key, unsigned int key_len, const unsigned char *iv, 375 const unsigned char *key, unsigned int key_len, const unsigned char *iv,
376 unsigned int iv_len) 376 unsigned int iv_len)
377{ 377{
378 static const unsigned char empty[] = "";
379 unsigned char export_tmp1[EVP_MAX_KEY_LENGTH];
380 unsigned char export_tmp2[EVP_MAX_KEY_LENGTH];
381 unsigned char export_iv1[EVP_MAX_IV_LENGTH * 2];
382 unsigned char export_iv2[EVP_MAX_IV_LENGTH * 2];
383 unsigned char *exp_label;
384 int exp_label_len;
385 EVP_CIPHER_CTX *cipher_ctx; 378 EVP_CIPHER_CTX *cipher_ctx;
386 const EVP_CIPHER *cipher; 379 const EVP_CIPHER *cipher;
387 EVP_MD_CTX *mac_ctx; 380 EVP_MD_CTX *mac_ctx;
388 const EVP_MD *mac; 381 const EVP_MD *mac;
389 int mac_type; 382 int mac_type;
390 int is_export;
391 383
392 is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
393 cipher = s->s3->tmp.new_sym_enc; 384 cipher = s->s3->tmp.new_sym_enc;
394 mac = s->s3->tmp.new_hash; 385 mac = s->s3->tmp.new_hash;
395 mac_type = s->s3->tmp.new_mac_pkey_type; 386 mac_type = s->s3->tmp.new_mac_pkey_type;
@@ -438,41 +429,6 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
438 s->write_hash = mac_ctx; 429 s->write_hash = mac_ctx;
439 } 430 }
440 431
441 if (is_export) {
442 /*
443 * Both the read and write key/iv are set to the same value
444 * since only the correct one will be used :-).
445 */
446 if (use_client_keys) {
447 exp_label = TLS_MD_CLIENT_WRITE_KEY_CONST;
448 exp_label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
449 } else {
450 exp_label = TLS_MD_SERVER_WRITE_KEY_CONST;
451 exp_label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
452 }
453 if (!tls1_PRF(ssl_get_algorithm2(s), exp_label, exp_label_len,
454 s->s3->client_random, SSL3_RANDOM_SIZE,
455 s->s3->server_random, SSL3_RANDOM_SIZE,
456 NULL, 0, NULL, 0, key, key_len, export_tmp1, export_tmp2,
457 EVP_CIPHER_key_length(cipher)))
458 goto err2;
459 key = export_tmp1;
460
461 if (iv_len > 0) {
462 if (!tls1_PRF(ssl_get_algorithm2(s),
463 TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE,
464 s->s3->client_random, SSL3_RANDOM_SIZE,
465 s->s3->server_random, SSL3_RANDOM_SIZE,
466 NULL, 0, NULL, 0, empty, 0,
467 export_iv1, export_iv2, iv_len * 2))
468 goto err2;
469 if (use_client_keys)
470 iv = export_iv1;
471 else
472 iv = &(export_iv1[iv_len]);
473 }
474 }
475
476 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) { 432 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) {
477 EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, NULL, 433 EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, NULL,
478 !is_read); 434 !is_read);
@@ -494,18 +450,10 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
494 mac_secret_size, (unsigned char *)mac_secret); 450 mac_secret_size, (unsigned char *)mac_secret);
495 } 451 }
496 452
497 if (is_export) {
498 OPENSSL_cleanse(export_tmp1, sizeof(export_tmp1));
499 OPENSSL_cleanse(export_tmp2, sizeof(export_tmp2));
500 OPENSSL_cleanse(export_iv1, sizeof(export_iv1));
501 OPENSSL_cleanse(export_iv2, sizeof(export_iv2));
502 }
503
504 return (1); 453 return (1);
505 454
506err: 455err:
507 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER, ERR_R_MALLOC_FAILURE); 456 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER, ERR_R_MALLOC_FAILURE);
508err2:
509 return (0); 457 return (0);
510} 458}
511 459
@@ -521,13 +469,11 @@ tls1_change_cipher_state(SSL *s, int which)
521 const EVP_CIPHER *cipher; 469 const EVP_CIPHER *cipher;
522 const EVP_AEAD *aead; 470 const EVP_AEAD *aead;
523 char is_read, use_client_keys; 471 char is_read, use_client_keys;
524 int is_export;
525 472
526#ifndef OPENSSL_NO_COMP 473#ifndef OPENSSL_NO_COMP
527 const SSL_COMP *comp; 474 const SSL_COMP *comp;
528#endif 475#endif
529 476
530 is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
531 cipher = s->s3->tmp.new_sym_enc; 477 cipher = s->s3->tmp.new_sym_enc;
532 aead = s->s3->tmp.new_aead; 478 aead = s->s3->tmp.new_aead;
533 479
@@ -598,10 +544,6 @@ tls1_change_cipher_state(SSL *s, int which)
598 key_len = EVP_CIPHER_key_length(cipher); 544 key_len = EVP_CIPHER_key_length(cipher);
599 iv_len = EVP_CIPHER_iv_length(cipher); 545 iv_len = EVP_CIPHER_iv_length(cipher);
600 546
601 if (is_export &&
602 key_len > SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher))
603 key_len = SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher);
604
605 /* If GCM mode only part of IV comes from PRF. */ 547 /* If GCM mode only part of IV comes from PRF. */
606 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) 548 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
607 iv_len = EVP_GCM_TLS_FIXED_IV_LEN; 549 iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
@@ -700,10 +642,6 @@ tls1_setup_key_block(SSL *s)
700 key_len = EVP_CIPHER_key_length(cipher); 642 key_len = EVP_CIPHER_key_length(cipher);
701 iv_len = EVP_CIPHER_iv_length(cipher); 643 iv_len = EVP_CIPHER_iv_length(cipher);
702 644
703 if (SSL_C_IS_EXPORT(s->session->cipher) &&
704 key_len > SSL_C_EXPORT_KEYLENGTH(s->session->cipher))
705 key_len = SSL_C_EXPORT_KEYLENGTH(s->session->cipher);
706
707 /* If GCM mode only part of IV comes from PRF. */ 645 /* If GCM mode only part of IV comes from PRF. */
708 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) 646 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
709 iv_len = EVP_GCM_TLS_FIXED_IV_LEN; 647 iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 3e09bd3521..b1eeb85c64 100644
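--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.56 2014/06/13 13:28:53 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.57 2014/07/09 11:25:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -222,12 +222,9 @@ extern "C" {
 
 /* These are used to specify which ciphers to use and not to use */
 
-#define SSL_TXT_EXP40 "EXPORT40"
-#define SSL_TXT_EXP56 "EXPORT56"
 #define SSL_TXT_LOW "LOW"
 #define SSL_TXT_MEDIUM "MEDIUM"
 #define SSL_TXT_HIGH "HIGH"
-#define SSL_TXT_FIPS "FIPS"
 
 #define SSL_TXT_kFZA "kFZA" /* unused! */
 #define SSL_TXT_aFZA "aFZA" /* unused! */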
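Review bot: The second hunk removes `SSL_TXT_FIPS` along with `SSL_TXT_EXP40` and `SSL_TXT_EXP56`, but FIPS is not an export keyword and the commit description only mentions export ciphers. ssl.h looks like the public header, so a consumer that spells any of the three macros will stop compiling. If the FIPS removal is intended, I would record all three at the old position, e.g. `/* SSL_TXT_EXP40, SSL_TXT_EXP56 and SSL_TXT_FIPS removed: no matching ciphers remain */`.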
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 0864fe8d99..5b5ffac06f 100644
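--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.39 2014/06/21 09:10:30 logan Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.40 2014/07/09 11:25:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -202,8 +202,6 @@ ssl_cert_dup(CERT *cert)
  ret->valid = cert->valid;
  ret->mask_k = cert->mask_k;
  ret->mask_a = cert->mask_a;
- ret->export_mask_k = cert->export_mask_k;
- ret->export_mask_a = cert->export_mask_a;
 
  if (cert->rsa_tmp != NULL) {
  RSA_up_ref(cert->rsa_tmp);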
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 31964ebe14..8fc05bc747 100644
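--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.56 2014/07/08 21:50:40 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.57 2014/07/09 11:25:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -526,26 +526,8 @@ static const SSL_CIPHER cipher_aliases[] = {
  .algorithm_ssl = SSL_TLSV1_2,
  },
 
- /* export flag */
- {
- .name = SSL_TXT_EXP,
- .algo_strength = SSL_EXPORT,
- },
- {
- .name = SSL_TXT_EXPORT,
- .algo_strength = SSL_EXPORT,
- },
-
  /* strength classes */
  {
- .name = SSL_TXT_EXP40,
- .algo_strength = SSL_EXP40,
- },
- {
- .name = SSL_TXT_EXP56,
- .algo_strength = SSL_EXP56,
- },
- {
  .name = SSL_TXT_LOW,
  .algo_strength = SSL_LOW,
  },
@@ -1214,8 +1196,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
  continue;
  if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
  continue;
- if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
- continue;
  if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
  continue;
  }
@@ -1469,21 +1449,6 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
  alg_mac = ca_list[j]->algorithm_mac;
  }
 
- if (ca_list[j]->algo_strength & SSL_EXP_MASK) {
- if (algo_strength & SSL_EXP_MASK) {
- algo_strength &=
- (ca_list[j]->algo_strength &
- SSL_EXP_MASK) | ~SSL_EXP_MASK;
- if (!(algo_strength & SSL_EXP_MASK)) {
- found = 0;
- break;
- }
- } else
- algo_strength |=
- ca_list[j]->algo_strength &
- SSL_EXP_MASK;
- }
-
  if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
  if (algo_strength & SSL_STRONG_MASK) {
  algo_strength &=
@@ -1739,11 +1704,11 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 char *
 SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 {
- int is_export, pkl, kl, l;
- const char *ver, *exp_str;
+ int l;
+ const char *ver;
  const char *kx, *au, *enc, *mac;
  unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2;
- static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
+ static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
 
  alg_mkey = cipher->algorithm_mkey;
  alg_auth = cipher->algorithm_auth;
@@ -1753,11 +1718,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 
  alg2 = cipher->algorithm2;
 
- is_export = SSL_C_IS_EXPORT(cipher);
- pkl = SSL_C_EXPORT_PKEYLENGTH(cipher);
- kl = SSL_C_EXPORT_KEYLENGTH(cipher);
- exp_str = is_export?" export":"";
-
  if (alg_ssl & SSL_SSLV2)
  ver="SSLv2";
  else if (alg_ssl & SSL_SSLV3)
@@ -1769,7 +1729,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 
  switch (alg_mkey) {
  case SSL_kRSA:
- kx = is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
+ kx = "RSA";
  break;
  case SSL_kDHr:
  kx="DH/RSA";
@@ -1781,7 +1741,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
  kx="KRB5";
  break;
  case SSL_kEDH:
- kx = is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
+ kx = "DH";
  break;
  case SSL_kECDHr:
  kx="ECDH/RSA";
@@ -1834,17 +1794,16 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 
  switch (alg_enc) {
  case SSL_DES:
- enc = (is_export && kl == 5)?"DES(40)":"DES(56)";
+ enc = "DES(56)";
  break;
  case SSL_3DES:
  enc="3DES(168)";
  break;
  case SSL_RC4:
- enc = is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
- :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
+ enc = alg2 & SSL2_CF_8_BYTE_ENC ? "RC4(64)" : "RC4(128)";
  break;
  case SSL_RC2:
- enc = is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
+ enc = "RC2(128)";
  break;
  case SSL_IDEA:
  enc="IDEA(128)";
@@ -1903,11 +1862,10 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
  }
 
  if (buf == NULL)
- l = asprintf(&buf, format, cipher->name, ver, kx, au, enc,
- mac, exp_str);
+ l = asprintf(&buf, format, cipher->name, ver, kx, au, enc, mac);
  else {
  l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc,
- mac, exp_str);
+ mac);
  if (l >= len)
  l = -1;
  }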
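Review bot: With the `SSL_TXT_EXP`, `SSL_TXT_EXPORT`, `SSL_TXT_EXP40` and `SSL_TXT_EXP56` entries gone from `cipher_aliases[]`, a cipher string that still carries a hardening term such as `!EXPORT` now names an alias the table no longer knows. The alias lookup in ssl_cipher_process_rulestr lies outside these hunks, so it should be confirmed that an unknown name is skipped rather than rejecting the whole rule string, ideally with a regression test for a string like `HIGH:!EXPORT`. A comment at the old alias position, e.g. `/* EXP/EXPORT* aliases removed: no export ciphers remain to select */`, would tell the next reader why those names are absent.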
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index f867daab0e..51772eb618 100644
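--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.69 2014/06/19 21:29:51 tedu Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.70 2014/07/09 11:25:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1956,9 +1956,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 {
  CERT_PKEY *cpk;
  int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
- int rsa_enc_export, dh_rsa_export, dh_dsa_export;
- int rsa_tmp_export, dh_tmp_export, kl;
- unsigned long mask_k, mask_a, emask_k, emask_a;
+ unsigned long mask_k, mask_a;
  int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
  int have_ecdh_tmp;
  X509 *x = NULL;
@@ -1968,39 +1966,25 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
  if (c == NULL)
  return;
 
- kl = SSL_C_EXPORT_PKEYLENGTH(cipher);
-
  rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
- rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
- (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
  dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
- dh_tmp_export = (c->dh_tmp_cb != NULL ||
- (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
 
  have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
  cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
  rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
- rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
  cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
  rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
  cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
  dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
  cpk = &(c->pkeys[SSL_PKEY_DH_RSA]);
  dh_rsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
- dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
  cpk = &(c->pkeys[SSL_PKEY_DH_DSA]);
 /* FIX THIS EAY EAY EAY */
  dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
- dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
  cpk = &(c->pkeys[SSL_PKEY_ECC]);
  have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
  mask_k = 0;
  mask_a = 0;
- emask_k = 0;
- emask_a = 0;
-
-
-
 
  cpk = &(c->pkeys[SSL_PKEY_GOST01]);
  if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
@@ -2015,38 +1999,23 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 
  if (rsa_enc || (rsa_tmp && rsa_sign))
  mask_k|=SSL_kRSA;
- if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
- emask_k|=SSL_kRSA;
-
- if (dh_tmp_export)
- emask_k|=SSL_kEDH;
 
  if (dh_tmp)
  mask_k|=SSL_kEDH;
 
  if (dh_rsa)
  mask_k|=SSL_kDHr;
- if (dh_rsa_export)
- emask_k|=SSL_kDHr;
 
  if (dh_dsa)
  mask_k|=SSL_kDHd;
- if (dh_dsa_export)
- emask_k|=SSL_kDHd;
 
- if (rsa_enc || rsa_sign) {
+ if (rsa_enc || rsa_sign)
  mask_a|=SSL_aRSA;
- emask_a|=SSL_aRSA;
- }
 
- if (dsa_sign) {
+ if (dsa_sign)
  mask_a|=SSL_aDSS;
- emask_a|=SSL_aDSS;
- }
 
  mask_a|=SSL_aNULL;
- emask_a|=SSL_aNULL;
-
 
  /*
  * An ECC certificate may be usable for ECDH and/or
@@ -2069,47 +2038,30 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
  OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
  }
  if (ecdh_ok) {
-
  if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
  mask_k|=SSL_kECDHr;
  mask_a|=SSL_aECDH;
- if (ecc_pkey_size <= 163) {
- emask_k|=SSL_kECDHr;
- emask_a|=SSL_aECDH;
- }
  }
-
  if (pk_nid == NID_X9_62_id_ecPublicKey) {
  mask_k|=SSL_kECDHe;
  mask_a|=SSL_aECDH;
- if (ecc_pkey_size <= 163) {
- emask_k|=SSL_kECDHe;
- emask_a|=SSL_aECDH;
- }
  }
  }
- if (ecdsa_ok) {
+ if (ecdsa_ok)
  mask_a|=SSL_aECDSA;
- emask_a|=SSL_aECDSA;
- }
  }
 
  if (have_ecdh_tmp) {
  mask_k|=SSL_kEECDH;
- emask_k|=SSL_kEECDH;
  }
 
 #ifndef OPENSSL_NO_PSK
  mask_k |= SSL_kPSK;
  mask_a |= SSL_aPSK;
- emask_k |= SSL_kPSK;
- emask_a |= SSL_aPSK;
 #endif
 
  c->mask_k = mask_k;
  c->mask_a = mask_a;
- c->export_mask_k = emask_k;
- c->export_mask_a = emask_a;
  c->valid = 1;
 }
 
@@ -2122,25 +2074,12 @@ int
 ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 {
  unsigned long alg_k, alg_a;
- EVP_PKEY *pkey = NULL;
- int keysize = 0;
  int signature_nid = 0, md_nid = 0, pk_nid = 0;
  const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
 
  alg_k = cs->algorithm_mkey;
  alg_a = cs->algorithm_auth;
 
- if (SSL_C_IS_EXPORT(cs)) {
- /* ECDH key length in export ciphers must be <= 163 bits */
- pkey = X509_get_pubkey(x);
- if (pkey == NULL)
- return (0);
- keysize = EVP_PKEY_bits(pkey);
- EVP_PKEY_free(pkey);
- if (keysize > 163)
- return (0);
- }
-
  /* This call populates the ex_flags field correctly */
  X509_check_purpose(x, -1, 0);
  if ((x->sig_alg) && (x->sig_alg->algorithm)) {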
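Review bot: In ssl_set_cert_masks the `cipher` argument has no remaining reader in the visible hunks, because its only use was the removed `kl = SSL_C_EXPORT_PKEYLENGTH(cipher);`. Likewise `ecc_pkey_size` is still declared but both `ecc_pkey_size <= 163` tests are gone. The function body is only partly shown, so this needs checking against the lines between the hunks. If neither is read elsewhere, the `ecc_pkey_size` declaration and whatever computes it can be dropped, and the parameter deserves a comment such as `/* cipher is unused since export handling was removed */` until the signature and its callers are cleaned up.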
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 228bf5b2be..2b3d1b8e44 100644
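--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.55 2014/07/08 21:50:40 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.56 2014/07/09 11:25:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -368,63 +368,14 @@
  (((ssl_cipher->algorithm2 >> 24) & 0xf) * 2)
 
 /*
- * Export and cipher strength information. For each cipher we have to decide
- * whether it is exportable or not. This information is likely to change
- * over time, since the export control rules are no static technical issue.
- *
- * Independent of the export flag the cipher strength is sorted into classes.
- * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
- * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
- * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
- * since SSL_EXP64 could be similar to SSL_LOW.
- * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
- * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
- * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
- * be possible.
+ * Cipher strength information.
  */
-#define SSL_EXP_MASK 0x00000003L
 #define SSL_STRONG_MASK 0x000001fcL
-
-#define SSL_EXPORT 0x00000002L
-
 #define SSL_STRONG_NONE 0x00000004L
-#define SSL_EXP40 0x00000008L
-#define SSL_MICRO (SSL_EXP40)
-#define SSL_EXP56 0x00000010L
-#define SSL_MINI (SSL_EXP56)
 #define SSL_LOW 0x00000020L
 #define SSL_MEDIUM 0x00000040L
 #define SSL_HIGH 0x00000080L
 
-/* we have used 000001ff - 23 bits left to go */
-
-/*
- * Macros to check the export status and cipher strength for export ciphers.
- * Even though the macros for EXPORT and EXPORT40/56 have similar names,
- * their meaning is different:
- * *_EXPORT macros check the 'exportable' status.
- * *_EXPORT40/56 macros are used to check whether a certain cipher strength
- * is given.
- * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
- * algorithm structure element to be passed (algorithms, algo_strength) and no
- * typechecking can be done as they are all of type unsigned long, their
- * direct usage is discouraged.
- * Use the SSL_C_* macros instead.
- */
-#define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)
-#define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)
-#define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)
-#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)
-#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)
-#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
-
-#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
- (a) == SSL_DES ? 8 : 7)
-#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
-#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
- (c)->algo_strength)
-#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
-
 /* Check if an SSL structure is using DTLS. */
 #define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
 
@@ -490,8 +441,6 @@ typedef struct cert_st {
  int valid;
  unsigned long mask_k;
  unsigned long mask_a;
- unsigned long export_mask_k;
- unsigned long export_mask_a;
  RSA *rsa_tmp;
  RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize);
  DH *dh_tmp;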
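Review bot: `SSL_STRONG_MASK` stays at `0x000001fcL`, which still covers bits `0x08` and `0x10` that belonged to the removed `SSL_EXP40` and `SSL_EXP56`. Nothing visible sets those bits any more, so selection behaviour should be unchanged, but the new one-line comment no longer says which bits of `algo_strength` are assigned. I would add `/* 0x08 and 0x10 were SSL_EXP40/SSL_EXP56 and are now unassigned */` above the mask. In the `cert_st` hunk the `rsa_tmp_cb` prototype still takes `is_export` and `keysize`; if they are kept only for API compatibility, a comment saying so would help, since no export cipher can now supply a meaningful value.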
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 46238dc6c3..26d98522d0 100644
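--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.64 2014/07/08 16:05:52 beck Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.65 2014/07/09 11:25:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -375,21 +375,12 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
  const unsigned char *key, unsigned int key_len, const unsigned char *iv,
  unsigned int iv_len)
 {
- static const unsigned char empty[] = "";
- unsigned char export_tmp1[EVP_MAX_KEY_LENGTH];
- unsigned char export_tmp2[EVP_MAX_KEY_LENGTH];
- unsigned char export_iv1[EVP_MAX_IV_LENGTH * 2];
- unsigned char export_iv2[EVP_MAX_IV_LENGTH * 2];
- unsigned char *exp_label;
- int exp_label_len;
  EVP_CIPHER_CTX *cipher_ctx;
  const EVP_CIPHER *cipher;
  EVP_MD_CTX *mac_ctx;
  const EVP_MD *mac;
  int mac_type;
- int is_export;
 
- is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
  cipher = s->s3->tmp.new_sym_enc;
  mac = s->s3->tmp.new_hash;
  mac_type = s->s3->tmp.new_mac_pkey_type;
@@ -438,41 +429,6 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
  s->write_hash = mac_ctx;
  }
 
- if (is_export) {
- /*
- * Both the read and write key/iv are set to the same value
- * since only the correct one will be used :-).
- */
- if (use_client_keys) {
- exp_label = TLS_MD_CLIENT_WRITE_KEY_CONST;
- exp_label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
- } else {
- exp_label = TLS_MD_SERVER_WRITE_KEY_CONST;
- exp_label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
- }
- if (!tls1_PRF(ssl_get_algorithm2(s), exp_label, exp_label_len,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- NULL, 0, NULL, 0, key, key_len, export_tmp1, export_tmp2,
- EVP_CIPHER_key_length(cipher)))
- goto err2;
- key = export_tmp1;
-
- if (iv_len > 0) {
- if (!tls1_PRF(ssl_get_algorithm2(s),
- TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- NULL, 0, NULL, 0, empty, 0,
- export_iv1, export_iv2, iv_len * 2))
- goto err2;
- if (use_client_keys)
- iv = export_iv1;
- else
- iv = &(export_iv1[iv_len]);
- }
- }
-
  if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) {
  EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, NULL,
  !is_read);
@@ -494,18 +450,10 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
  mac_secret_size, (unsigned char *)mac_secret);
  }
 
- if (is_export) {
- OPENSSL_cleanse(export_tmp1, sizeof(export_tmp1));
- OPENSSL_cleanse(export_tmp2, sizeof(export_tmp2));
- OPENSSL_cleanse(export_iv1, sizeof(export_iv1));
- OPENSSL_cleanse(export_iv2, sizeof(export_iv2));
- }
-
  return (1);
 
 err:
  SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER, ERR_R_MALLOC_FAILURE);
-err2:
  return (0);
 }
 
@@ -521,13 +469,11 @@ tls1_change_cipher_state(SSL *s, int which)
  const EVP_CIPHER *cipher;
  const EVP_AEAD *aead;
  char is_read, use_client_keys;
- int is_export;
 
 #ifndef OPENSSL_NO_COMP
  const SSL_COMP *comp;
 #endif
 
- is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
  cipher = s->s3->tmp.new_sym_enc;
  aead = s->s3->tmp.new_aead;
 
@@ -598,10 +544,6 @@ tls1_change_cipher_state(SSL *s, int which)
  key_len = EVP_CIPHER_key_length(cipher);
  iv_len = EVP_CIPHER_iv_length(cipher);
 
- if (is_export &&
- key_len > SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher))
- key_len = SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher);
-
  /* If GCM mode only part of IV comes from PRF. */
  if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
  iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
@@ -700,10 +642,6 @@ tls1_setup_key_block(SSL *s)
  key_len = EVP_CIPHER_key_length(cipher);
  iv_len = EVP_CIPHER_iv_length(cipher);
 
- if (SSL_C_IS_EXPORT(s->session->cipher) &&
- key_len > SSL_C_EXPORT_KEYLENGTH(s->session->cipher))
- key_len = SSL_C_EXPORT_KEYLENGTH(s->session->cipher);
-
  /* If GCM mode only part of IV comes from PRF. */
  if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
  iv_len = EVP_GCM_TLS_FIXED_IV_LEN;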
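Review bot: In tls1_change_cipher_state_cipher the surviving GCM branch calls `EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, NULL, !is_read);` without checking the result, so a failed initialisation would still reach `return (1)` with a context that was never keyed. The call should be guarded, `if (!EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, NULL, !is_read)) goto err;`, and the same applies to any other unchecked init in the part of the branch that lies outside the hunk. With `err2` gone, `err:` is the only failure exit and it always reports `ERR_R_MALLOC_FAILURE`, so a cipher-init failure wants its own label or reason code. The removed export block was also the only visible reader of `use_client_keys` in this function, so that parameter may now be unused.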