1 files changed, 2 insertions, 53 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 228bf5b2be..2b3d1b8e44 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.55 2014/07/08 21:50:40 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.56 2014/07/09 11:25:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -368,63 +368,14 @@
        (((ssl_cipher->algorithm2 >> 24) & 0xf) * 2)
 /*
- * Export and cipher strength information. For each cipher we have to decide
+ * Cipher strength information.
- * whether it is exportable or not. This information is likely to change
- * over time, since the export control rules are no static technical issue.
- *
- * Independent of the export flag the cipher strength is sorted into classes.
- * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
- * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
- * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
- * since SSL_EXP64 could be similar to SSL_LOW.
- * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
- * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
- * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
- * be possible.
 */
-#define SSL_EXP_MASK            0x00000003L
 #define SSL_STRONG_MASK         0x000001fcL
-#define SSL_EXPORT              0x00000002L
 #define SSL_STRONG_NONE         0x00000004L
-#define SSL_EXP40               0x00000008L
-#define SSL_MICRO               (SSL_EXP40)
-#define SSL_EXP56               0x00000010L
-#define SSL_MINI                (SSL_EXP56)
 #define SSL_LOW                 0x00000020L
 #define SSL_MEDIUM              0x00000040L
 #define SSL_HIGH                0x00000080L
-/* we have used 000001ff - 23 bits left to go */
-/*
- * Macros to check the export status and cipher strength for export ciphers.
- * Even though the macros for EXPORT and EXPORT40/56 have similar names,
- * their meaning is different:
- * *_EXPORT macros check the 'exportable' status.
- * *_EXPORT40/56 macros are used to check whether a certain cipher strength
- *          is given.
- * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
- * algorithm structure element to be passed (algorithms, algo_strength) and no
- * typechecking can be done as they are all of type unsigned long, their
- * direct usage is discouraged.
- * Use the SSL_C_* macros instead.
- */
-#define SSL_IS_EXPORT(a)        ((a)&SSL_EXPORT)
-#define SSL_IS_EXPORT56(a)      ((a)&SSL_EXP56)
-#define SSL_IS_EXPORT40(a)      ((a)&SSL_EXP40)
-#define SSL_C_IS_EXPORT(c)      SSL_IS_EXPORT((c)->algo_strength)
-#define SSL_C_IS_EXPORT56(c)    SSL_IS_EXPORT56((c)->algo_strength)
-#define SSL_C_IS_EXPORT40(c)    SSL_IS_EXPORT40((c)->algo_strength)
-#define SSL_EXPORT_KEYLENGTH(a,s)       (SSL_IS_EXPORT40(s) ? 5 : \
-                                 (a) == SSL_DES ? 8 : 7)
-#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
-#define SSL_C_EXPORT_KEYLENGTH(c)       SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
-                                (c)->algo_strength)
-#define SSL_C_EXPORT_PKEYLENGTH(c)      SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
 /* Check if an SSL structure is using DTLS. */
 #define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
@@ -490,8 +441,6 @@ typedef struct cert_st {
        int valid;
        unsigned long mask_k;
        unsigned long mask_a;
-        unsigned long export_mask_k;
-        unsigned long export_mask_a;
        RSA *rsa_tmp;
        RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize);
        DH *dh_tmp;

diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 228bf5b2be..2b3d1b8e44 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.55 2014/07/08 21:50:40 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.56 2014/07/09 11:25:42 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -368,63 +368,14 @@
368	(((ssl_cipher->algorithm2 >> 24) & 0xf) * 2)	368	(((ssl_cipher->algorithm2 >> 24) & 0xf) * 2)
369		369
370	/*	370	/*
371	* Export and cipher strength information. For each cipher we have to decide	371	* Cipher strength information.
372	* whether it is exportable or not. This information is likely to change
373	* over time, since the export control rules are no static technical issue.
374	*
375	* Independent of the export flag the cipher strength is sorted into classes.
376	* SSL_EXP40 was denoting the 40bit US export limit of past times, which now
377	* is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
378	* again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
379	* since SSL_EXP64 could be similar to SSL_LOW.
380	* For this reason SSL_MICRO and SSL_MINI macros are included to widen the
381	* namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
382	* and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
383	* be possible.
384	*/	372	*/
385	#define SSL_EXP_MASK 0x00000003L
386	#define SSL_STRONG_MASK 0x000001fcL	373	#define SSL_STRONG_MASK 0x000001fcL
387
388	#define SSL_EXPORT 0x00000002L
389
390	#define SSL_STRONG_NONE 0x00000004L	374	#define SSL_STRONG_NONE 0x00000004L
391	#define SSL_EXP40 0x00000008L
392	#define SSL_MICRO (SSL_EXP40)
393	#define SSL_EXP56 0x00000010L
394	#define SSL_MINI (SSL_EXP56)
395	#define SSL_LOW 0x00000020L	375	#define SSL_LOW 0x00000020L
396	#define SSL_MEDIUM 0x00000040L	376	#define SSL_MEDIUM 0x00000040L
397	#define SSL_HIGH 0x00000080L	377	#define SSL_HIGH 0x00000080L
398		378
399	/* we have used 000001ff - 23 bits left to go */
400
401	/*
402	* Macros to check the export status and cipher strength for export ciphers.
403	* Even though the macros for EXPORT and EXPORT40/56 have similar names,
404	* their meaning is different:
405	* *_EXPORT macros check the 'exportable' status.
406	* *_EXPORT40/56 macros are used to check whether a certain cipher strength
407	* is given.
408	* Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
409	* algorithm structure element to be passed (algorithms, algo_strength) and no
410	* typechecking can be done as they are all of type unsigned long, their
411	* direct usage is discouraged.
412	* Use the SSL_C_* macros instead.
413	*/
414	#define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)
415	#define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)
416	#define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)
417	#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)
418	#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)
419	#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
420
421	#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
422	(a) == SSL_DES ? 8 : 7)
423	#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
424	#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
425	(c)->algo_strength)
426	#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
427
428	/* Check if an SSL structure is using DTLS. */	379	/* Check if an SSL structure is using DTLS. */
429	#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)	380	#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
430		381
@@ -490,8 +441,6 @@ typedef struct cert_st {
490	int valid;	441	int valid;
491	unsigned long mask_k;	442	unsigned long mask_k;
492	unsigned long mask_a;	443	unsigned long mask_a;
493	unsigned long export_mask_k;
494	unsigned long export_mask_a;
495	RSA *rsa_tmp;	444	RSA *rsa_tmp;
496	RSA (rsa_tmp_cb)(SSL *ssl, int is_export, int keysize);	445	RSA (rsa_tmp_cb)(SSL *ssl, int is_export, int keysize);
497	DH *dh_tmp;	446	DH *dh_tmp;