summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_ciph.c
diff options
context:
space:
mode:
authorjsing <>2014-07-09 11:25:42 +0000
committerjsing <>2014-07-09 11:25:42 +0000
commite39ae219007e146f0b9e77030338a5ced6fe0e3c (patch)
tree604b9084e9f8d9e522922bc0cd6be5e22478e9ee /src/lib/libssl/ssl_ciph.c
parentdd1dab9e5f2fdf8d0b2b49e9a51011f45aacd959 (diff)
downloadopenbsd-e39ae219007e146f0b9e77030338a5ced6fe0e3c.tar.gz
openbsd-e39ae219007e146f0b9e77030338a5ced6fe0e3c.tar.bz2
openbsd-e39ae219007e146f0b9e77030338a5ced6fe0e3c.zip
tedu the SSL export cipher handling - since we do not have enabled export
ciphers we no longer need the flags or code to support it. ok beck@ miod@
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
-rw-r--r--src/lib/libssl/ssl_ciph.c64
1 files changed, 11 insertions, 53 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 31964ebe14..8fc05bc747 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_ciph.c,v 1.56 2014/07/08 21:50:40 jsing Exp $ */ 1/* $OpenBSD: ssl_ciph.c,v 1.57 2014/07/09 11:25:42 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -526,26 +526,8 @@ static const SSL_CIPHER cipher_aliases[] = {
526 .algorithm_ssl = SSL_TLSV1_2, 526 .algorithm_ssl = SSL_TLSV1_2,
527 }, 527 },
528 528
529 /* export flag */
530 {
531 .name = SSL_TXT_EXP,
532 .algo_strength = SSL_EXPORT,
533 },
534 {
535 .name = SSL_TXT_EXPORT,
536 .algo_strength = SSL_EXPORT,
537 },
538
539 /* strength classes */ 529 /* strength classes */
540 { 530 {
541 .name = SSL_TXT_EXP40,
542 .algo_strength = SSL_EXP40,
543 },
544 {
545 .name = SSL_TXT_EXP56,
546 .algo_strength = SSL_EXP56,
547 },
548 {
549 .name = SSL_TXT_LOW, 531 .name = SSL_TXT_LOW,
550 .algo_strength = SSL_LOW, 532 .algo_strength = SSL_LOW,
551 }, 533 },
@@ -1214,8 +1196,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
1214 continue; 1196 continue;
1215 if (alg_ssl && !(alg_ssl & cp->algorithm_ssl)) 1197 if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
1216 continue; 1198 continue;
1217 if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
1218 continue;
1219 if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) 1199 if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
1220 continue; 1200 continue;
1221 } 1201 }
@@ -1469,21 +1449,6 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
1469 alg_mac = ca_list[j]->algorithm_mac; 1449 alg_mac = ca_list[j]->algorithm_mac;
1470 } 1450 }
1471 1451
1472 if (ca_list[j]->algo_strength & SSL_EXP_MASK) {
1473 if (algo_strength & SSL_EXP_MASK) {
1474 algo_strength &=
1475 (ca_list[j]->algo_strength &
1476 SSL_EXP_MASK) | ~SSL_EXP_MASK;
1477 if (!(algo_strength & SSL_EXP_MASK)) {
1478 found = 0;
1479 break;
1480 }
1481 } else
1482 algo_strength |=
1483 ca_list[j]->algo_strength &
1484 SSL_EXP_MASK;
1485 }
1486
1487 if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { 1452 if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
1488 if (algo_strength & SSL_STRONG_MASK) { 1453 if (algo_strength & SSL_STRONG_MASK) {
1489 algo_strength &= 1454 algo_strength &=
@@ -1739,11 +1704,11 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1739char * 1704char *
1740SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) 1705SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1741{ 1706{
1742 int is_export, pkl, kl, l; 1707 int l;
1743 const char *ver, *exp_str; 1708 const char *ver;
1744 const char *kx, *au, *enc, *mac; 1709 const char *kx, *au, *enc, *mac;
1745 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; 1710 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2;
1746 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; 1711 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
1747 1712
1748 alg_mkey = cipher->algorithm_mkey; 1713 alg_mkey = cipher->algorithm_mkey;
1749 alg_auth = cipher->algorithm_auth; 1714 alg_auth = cipher->algorithm_auth;
@@ -1753,11 +1718,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1753 1718
1754 alg2 = cipher->algorithm2; 1719 alg2 = cipher->algorithm2;
1755 1720
1756 is_export = SSL_C_IS_EXPORT(cipher);
1757 pkl = SSL_C_EXPORT_PKEYLENGTH(cipher);
1758 kl = SSL_C_EXPORT_KEYLENGTH(cipher);
1759 exp_str = is_export?" export":"";
1760
1761 if (alg_ssl & SSL_SSLV2) 1721 if (alg_ssl & SSL_SSLV2)
1762 ver="SSLv2"; 1722 ver="SSLv2";
1763 else if (alg_ssl & SSL_SSLV3) 1723 else if (alg_ssl & SSL_SSLV3)
@@ -1769,7 +1729,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1769 1729
1770 switch (alg_mkey) { 1730 switch (alg_mkey) {
1771 case SSL_kRSA: 1731 case SSL_kRSA:
1772 kx = is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; 1732 kx = "RSA";
1773 break; 1733 break;
1774 case SSL_kDHr: 1734 case SSL_kDHr:
1775 kx="DH/RSA"; 1735 kx="DH/RSA";
@@ -1781,7 +1741,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1781 kx="KRB5"; 1741 kx="KRB5";
1782 break; 1742 break;
1783 case SSL_kEDH: 1743 case SSL_kEDH:
1784 kx = is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; 1744 kx = "DH";
1785 break; 1745 break;
1786 case SSL_kECDHr: 1746 case SSL_kECDHr:
1787 kx="ECDH/RSA"; 1747 kx="ECDH/RSA";
@@ -1834,17 +1794,16 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1834 1794
1835 switch (alg_enc) { 1795 switch (alg_enc) {
1836 case SSL_DES: 1796 case SSL_DES:
1837 enc = (is_export && kl == 5)?"DES(40)":"DES(56)"; 1797 enc = "DES(56)";
1838 break; 1798 break;
1839 case SSL_3DES: 1799 case SSL_3DES:
1840 enc="3DES(168)"; 1800 enc="3DES(168)";
1841 break; 1801 break;
1842 case SSL_RC4: 1802 case SSL_RC4:
1843 enc = is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") 1803 enc = alg2 & SSL2_CF_8_BYTE_ENC ? "RC4(64)" : "RC4(128)";
1844 :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
1845 break; 1804 break;
1846 case SSL_RC2: 1805 case SSL_RC2:
1847 enc = is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; 1806 enc = "RC2(128)";
1848 break; 1807 break;
1849 case SSL_IDEA: 1808 case SSL_IDEA:
1850 enc="IDEA(128)"; 1809 enc="IDEA(128)";
@@ -1903,11 +1862,10 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1903 } 1862 }
1904 1863
1905 if (buf == NULL) 1864 if (buf == NULL)
1906 l = asprintf(&buf, format, cipher->name, ver, kx, au, enc, 1865 l = asprintf(&buf, format, cipher->name, ver, kx, au, enc, mac);
1907 mac, exp_str);
1908 else { 1866 else {
1909 l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, 1867 l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc,
1910 mac, exp_str); 1868 mac);
1911 if (l >= len) 1869 if (l >= len)
1912 l = -1; 1870 l = -1;
1913 } 1871 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-25 11:21:09 +0000