diff options
| author | jsing <> | 2014-07-09 11:25:42 +0000 |
|---|---|---|
| committer | jsing <> | 2014-07-09 11:25:42 +0000 |
| commit | c90a1a4bb021e5a2622323df8464bf574d0c4364 (patch) | |
| tree | 604b9084e9f8d9e522922bc0cd6be5e22478e9ee /src/lib/libssl/s3_lib.c | |
| parent | 4afcbff6153d561348af47fa000f298df3693a3c (diff) | |
| download | openbsd-c90a1a4bb021e5a2622323df8464bf574d0c4364.tar.gz openbsd-c90a1a4bb021e5a2622323df8464bf574d0c4364.tar.bz2 openbsd-c90a1a4bb021e5a2622323df8464bf574d0c4364.zip | |
tedu the SSL export cipher handling - since we do not have enabled export
ciphers we no longer need the flags or code to support it.
ok beck@ miod@
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 30 |
1 files changed, 12 insertions, 18 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index d07d7e7cbc..5c4e530d34 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.66 2014/07/09 11:10:51 bcook Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.67 2014/07/09 11:25:42 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -210,7 +210,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 210 | .algorithm_enc = SSL_RC4, | 210 | .algorithm_enc = SSL_RC4, |
| 211 | .algorithm_mac = SSL_MD5, | 211 | .algorithm_mac = SSL_MD5, |
| 212 | .algorithm_ssl = SSL_SSLV3, | 212 | .algorithm_ssl = SSL_SSLV3, |
| 213 | .algo_strength = SSL_EXPORT|SSL_EXP40, | 213 | .algo_strength = 0, |
| 214 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 214 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 215 | .strength_bits = 40, | 215 | .strength_bits = 40, |
| 216 | .alg_bits = 128, | 216 | .alg_bits = 128, |
| @@ -258,7 +258,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 258 | .algorithm_enc = SSL_RC2, | 258 | .algorithm_enc = SSL_RC2, |
| 259 | .algorithm_mac = SSL_MD5, | 259 | .algorithm_mac = SSL_MD5, |
| 260 | .algorithm_ssl = SSL_SSLV3, | 260 | .algorithm_ssl = SSL_SSLV3, |
| 261 | .algo_strength = SSL_EXPORT|SSL_EXP40, | 261 | .algo_strength = 0, |
| 262 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 262 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 263 | .strength_bits = 40, | 263 | .strength_bits = 40, |
| 264 | .alg_bits = 128, | 264 | .alg_bits = 128, |
| @@ -292,7 +292,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 292 | .algorithm_enc = SSL_DES, | 292 | .algorithm_enc = SSL_DES, |
| 293 | .algorithm_mac = SSL_SHA1, | 293 | .algorithm_mac = SSL_SHA1, |
| 294 | .algorithm_ssl = SSL_SSLV3, | 294 | .algorithm_ssl = SSL_SSLV3, |
| 295 | .algo_strength = SSL_EXPORT|SSL_EXP40, | 295 | .algo_strength = 0, |
| 296 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 296 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 297 | .strength_bits = 40, | 297 | .strength_bits = 40, |
| 298 | .alg_bits = 56, | 298 | .alg_bits = 56, |
| @@ -341,7 +341,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 341 | .algorithm_enc = SSL_DES, | 341 | .algorithm_enc = SSL_DES, |
| 342 | .algorithm_mac = SSL_SHA1, | 342 | .algorithm_mac = SSL_SHA1, |
| 343 | .algorithm_ssl = SSL_SSLV3, | 343 | .algorithm_ssl = SSL_SSLV3, |
| 344 | .algo_strength = SSL_EXPORT|SSL_EXP40, | 344 | .algo_strength = 0, |
| 345 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 345 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 346 | .strength_bits = 40, | 346 | .strength_bits = 40, |
| 347 | .alg_bits = 56, | 347 | .alg_bits = 56, |
| @@ -389,7 +389,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 389 | .algorithm_enc = SSL_DES, | 389 | .algorithm_enc = SSL_DES, |
| 390 | .algorithm_mac = SSL_SHA1, | 390 | .algorithm_mac = SSL_SHA1, |
| 391 | .algorithm_ssl = SSL_SSLV3, | 391 | .algorithm_ssl = SSL_SSLV3, |
| 392 | .algo_strength = SSL_EXPORT|SSL_EXP40, | 392 | .algo_strength = 0, |
| 393 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 393 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 394 | .strength_bits = 40, | 394 | .strength_bits = 40, |
| 395 | .alg_bits = 56, | 395 | .alg_bits = 56, |
| @@ -438,7 +438,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 438 | .algorithm_enc = SSL_DES, | 438 | .algorithm_enc = SSL_DES, |
| 439 | .algorithm_mac = SSL_SHA1, | 439 | .algorithm_mac = SSL_SHA1, |
| 440 | .algorithm_ssl = SSL_SSLV3, | 440 | .algorithm_ssl = SSL_SSLV3, |
| 441 | .algo_strength = SSL_EXPORT|SSL_EXP40, | 441 | .algo_strength = 0, |
| 442 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 442 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 443 | .strength_bits = 40, | 443 | .strength_bits = 40, |
| 444 | .alg_bits = 56, | 444 | .alg_bits = 56, |
| @@ -486,7 +486,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 486 | .algorithm_enc = SSL_DES, | 486 | .algorithm_enc = SSL_DES, |
| 487 | .algorithm_mac = SSL_SHA1, | 487 | .algorithm_mac = SSL_SHA1, |
| 488 | .algorithm_ssl = SSL_SSLV3, | 488 | .algorithm_ssl = SSL_SSLV3, |
| 489 | .algo_strength = SSL_EXPORT|SSL_EXP40, | 489 | .algo_strength = 0, |
| 490 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 490 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 491 | .strength_bits = 40, | 491 | .strength_bits = 40, |
| 492 | .alg_bits = 56, | 492 | .alg_bits = 56, |
| @@ -534,7 +534,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 534 | .algorithm_enc = SSL_RC4, | 534 | .algorithm_enc = SSL_RC4, |
| 535 | .algorithm_mac = SSL_MD5, | 535 | .algorithm_mac = SSL_MD5, |
| 536 | .algorithm_ssl = SSL_SSLV3, | 536 | .algorithm_ssl = SSL_SSLV3, |
| 537 | .algo_strength = SSL_EXPORT|SSL_EXP40, | 537 | .algo_strength = 0, |
| 538 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 538 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 539 | .strength_bits = 40, | 539 | .strength_bits = 40, |
| 540 | .alg_bits = 128, | 540 | .alg_bits = 128, |
| @@ -566,7 +566,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 566 | .algorithm_enc = SSL_DES, | 566 | .algorithm_enc = SSL_DES, |
| 567 | .algorithm_mac = SSL_SHA1, | 567 | .algorithm_mac = SSL_SHA1, |
| 568 | .algorithm_ssl = SSL_SSLV3, | 568 | .algorithm_ssl = SSL_SSLV3, |
| 569 | .algo_strength = SSL_EXPORT|SSL_EXP40, | 569 | .algo_strength = 0, |
| 570 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 570 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 571 | .strength_bits = 40, | 571 | .strength_bits = 40, |
| 572 | .alg_bits = 128, | 572 | .alg_bits = 128, |
| @@ -2999,7 +2999,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 2999 | int ec_ok, ec_nid; | 2999 | int ec_ok, ec_nid; |
| 3000 | unsigned char ec_search1 = 0, ec_search2 = 0; | 3000 | unsigned char ec_search1 = 0, ec_search2 = 0; |
| 3001 | CERT *cert; | 3001 | CERT *cert; |
| 3002 | unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a; | 3002 | unsigned long alg_k, alg_a, mask_k, mask_a; |
| 3003 | 3003 | ||
| 3004 | /* Let's see which ciphers we can support */ | 3004 | /* Let's see which ciphers we can support */ |
| 3005 | cert = s->cert; | 3005 | cert = s->cert; |
| @@ -3030,8 +3030,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 3030 | ssl_set_cert_masks(cert, c); | 3030 | ssl_set_cert_masks(cert, c); |
| 3031 | mask_k = cert->mask_k; | 3031 | mask_k = cert->mask_k; |
| 3032 | mask_a = cert->mask_a; | 3032 | mask_a = cert->mask_a; |
| 3033 | emask_k = cert->export_mask_k; | ||
| 3034 | emask_a = cert->export_mask_a; | ||
| 3035 | 3033 | ||
| 3036 | alg_k = c->algorithm_mkey; | 3034 | alg_k = c->algorithm_mkey; |
| 3037 | alg_a = c->algorithm_auth; | 3035 | alg_a = c->algorithm_auth; |
| @@ -3042,11 +3040,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 3042 | continue; | 3040 | continue; |
| 3043 | #endif /* OPENSSL_NO_PSK */ | 3041 | #endif /* OPENSSL_NO_PSK */ |
| 3044 | 3042 | ||
| 3045 | if (SSL_C_IS_EXPORT(c)) { | 3043 | ok = (alg_k & mask_k) && (alg_a & mask_a); |
| 3046 | ok = (alg_k & emask_k) && (alg_a & emask_a); | ||
| 3047 | } else { | ||
| 3048 | ok = (alg_k & mask_k) && (alg_a & mask_a); | ||
| 3049 | } | ||
| 3050 | 3044 | ||
| 3051 | if ( | 3045 | if ( |
| 3052 | /* | 3046 | /* |