From c90a1a4bb021e5a2622323df8464bf574d0c4364 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Wed, 9 Jul 2014 11:25:42 +0000 Subject: tedu the SSL export cipher handling - since we do not have enabled export ciphers we no longer need the flags or code to support it. ok beck@ miod@ --- src/lib/libssl/ssl_locl.h | 55 ++--------------------------------------------- 1 file changed, 2 insertions(+), 53 deletions(-) (limited to 'src/lib/libssl/ssl_locl.h') diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 228bf5b2be..2b3d1b8e44 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.55 2014/07/08 21:50:40 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.56 2014/07/09 11:25:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -368,63 +368,14 @@ (((ssl_cipher->algorithm2 >> 24) & 0xf) * 2) /* - * Export and cipher strength information. For each cipher we have to decide - * whether it is exportable or not. This information is likely to change - * over time, since the export control rules are no static technical issue. - * - * Independent of the export flag the cipher strength is sorted into classes. - * SSL_EXP40 was denoting the 40bit US export limit of past times, which now - * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change - * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more, - * since SSL_EXP64 could be similar to SSL_LOW. - * For this reason SSL_MICRO and SSL_MINI macros are included to widen the - * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed - * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would - * be possible. + * Cipher strength information. */ -#define SSL_EXP_MASK 0x00000003L #define SSL_STRONG_MASK 0x000001fcL - -#define SSL_EXPORT 0x00000002L - #define SSL_STRONG_NONE 0x00000004L -#define SSL_EXP40 0x00000008L -#define SSL_MICRO (SSL_EXP40) -#define SSL_EXP56 0x00000010L -#define SSL_MINI (SSL_EXP56) #define SSL_LOW 0x00000020L #define SSL_MEDIUM 0x00000040L #define SSL_HIGH 0x00000080L -/* we have used 000001ff - 23 bits left to go */ - -/* - * Macros to check the export status and cipher strength for export ciphers. - * Even though the macros for EXPORT and EXPORT40/56 have similar names, - * their meaning is different: - * *_EXPORT macros check the 'exportable' status. - * *_EXPORT40/56 macros are used to check whether a certain cipher strength - * is given. - * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct - * algorithm structure element to be passed (algorithms, algo_strength) and no - * typechecking can be done as they are all of type unsigned long, their - * direct usage is discouraged. - * Use the SSL_C_* macros instead. - */ -#define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT) -#define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56) -#define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40) -#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength) -#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength) -#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength) - -#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \ - (a) == SSL_DES ? 8 : 7) -#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024) -#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \ - (c)->algo_strength) -#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) - /* Check if an SSL structure is using DTLS. */ #define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) @@ -490,8 +441,6 @@ typedef struct cert_st { int valid; unsigned long mask_k; unsigned long mask_a; - unsigned long export_mask_k; - unsigned long export_mask_a; RSA *rsa_tmp; RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize); DH *dh_tmp; -- cgit v1.2.3-55-g6feb