Remove support code for export cipher suites.
Now the only case where temporary RSA keys are used on the server end is
non-signing keys.
Change-Id: I55f6c206e798dd28548c386fdffd555ccc395477
Reviewed-on: https://boringssl-review.googlesource.com/1285
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 5fe5a58..91b047a 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -391,14 +391,7 @@
*/
if (ssl_cipher_requires_server_key_exchange(s->s3->tmp.new_cipher) ||
((alg_a & SSL_aPSK) && s->session->psk_identity_hint) ||
- ((alg_k & SSL_kRSA)
- && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
- && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
- )
- )
- )
- )
+ ((alg_k & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)))
{
dtls1_start_timer(s);
ret=ssl3_send_server_key_exchange(s);
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 3ed360d..5ad2589 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1499,14 +1499,6 @@
group = EC_KEY_get0_group(ecdh);
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
- (EC_GROUP_get_degree(group) > 163))
- {
- al=SSL_AD_EXPORT_RESTRICTION;
- OPENSSL_PUT_ERROR(SSL, ssl3_get_server_key_exchange, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
- goto f_err;
- }
-
/* Next, get the encoded ECPoint */
if (!CBS_get_u8_length_prefixed(&server_key_exchange, &point))
{
@@ -2866,35 +2858,6 @@
#endif
#endif
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
- {
- if (alg_k & SSL_kRSA)
- {
- if (rsa == NULL
- || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
- {
- OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
- goto f_err;
- }
- }
- else
-#ifndef OPENSSL_NO_DH
- if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- {
- if (dh == NULL
- || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
- {
- OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, SSL_R_MISSING_EXPORT_TMP_DH_KEY);
- goto f_err;
- }
- }
- else
-#endif
- {
- OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
- goto f_err;
- }
- }
return(1);
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 24298fd..ee85c17 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -218,15 +218,13 @@
unsigned char *p,*mac_secret;
unsigned char exp_key[EVP_MAX_KEY_LENGTH];
unsigned char exp_iv[EVP_MAX_IV_LENGTH];
- unsigned char *ms,*key,*iv,*er1,*er2;
+ unsigned char *ms,*key,*iv;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
const EVP_MD *m;
- EVP_MD_CTX md;
- int is_exp,n,i,j,k,cl;
+ int n,i,j,k,cl;
int reuse_dd = 0;
- is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
/* m == NULL will lead to a crash later */
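Review bot: `exp_key` and `exp_iv` are still declared at the top of this hunk and still passed to `OPENSSL_cleanse` in the last s3_enc.c hunk, but the only writes to them visible in this diff were in the removed `is_exp` block. If nothing else in ssl3_change_cipher_state fills them (the function body extends outside these hunks), drop both arrays and the two cleanse calls. Wiping buffers that never hold key material tells a reader that secrets live there when they do not.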
@@ -268,8 +266,7 @@
p=s->s3->tmp.key_block;
i=EVP_MD_size(m);
cl=EVP_CIPHER_key_length(c);
- j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+ j = cl;
/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
k=EVP_CIPHER_iv_length(c);
if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
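Review bot: The retained comment `/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */` refers to `is_exp`, which this commit removes, so it should be deleted along with the export logic. After `j = cl;` the two locals always hold the same value, so the key-block offset arithmetic in the following hunks could use one of them. I would keep a single variable if `cl` has no other use outside the hunk.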
@@ -278,8 +275,6 @@
ms= &(p[ 0]); n=i+i;
key= &(p[ n]); n+=j+j;
iv= &(p[ n]); n+=k+k;
- er1= &(s->s3->client_random[0]);
- er2= &(s->s3->server_random[0]);
}
else
{
@@ -287,8 +282,6 @@
ms= &(p[ n]); n+=i+j;
key= &(p[ n]); n+=j+k;
iv= &(p[ n]); n+=k;
- er1= &(s->s3->server_random[0]);
- er2= &(s->s3->client_random[0]);
}
if (n > s->s3->tmp.key_block_length)
@@ -297,29 +290,7 @@
goto err2;
}
- EVP_MD_CTX_init(&md);
memcpy(mac_secret,ms,i);
- if (is_exp)
- {
- /* In here I set both the read and write key/iv to the
- * same value since only the correct one will be used :-).
- */
- EVP_DigestInit_ex(&md,EVP_md5(), NULL);
- EVP_DigestUpdate(&md,key,j);
- EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
- EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL);
- key= &(exp_key[0]);
-
- if (k > 0)
- {
- EVP_DigestInit_ex(&md,EVP_md5(), NULL);
- EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
- EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL);
- iv= &(exp_iv[0]);
- }
- }
s->session->key_arg_length=0;
@@ -348,7 +319,6 @@
OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
- EVP_MD_CTX_cleanup(&md);
return(1);
err:
OPENSSL_PUT_ERROR(SSL, ssl3_change_cipher_state, ERR_R_MALLOC_FAILURE);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 34635bc..a305382 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -200,22 +200,6 @@
0,
},
-/* Cipher 03 */
- {
- 1,
- SSL3_TXT_RSA_RC4_40_MD5,
- SSL3_CK_RSA_RC4_40_MD5,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC4,
- SSL_MD5,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 128,
- },
-
/* Cipher 04 */
{
1,
@@ -248,22 +232,6 @@
128,
},
-/* Cipher 06 */
- {
- 1,
- SSL3_TXT_RSA_RC2_40_MD5,
- SSL3_CK_RSA_RC2_40_MD5,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC2,
- SSL_MD5,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 128,
- },
-
/* Cipher 07 */
#ifndef OPENSSL_NO_IDEA
{
@@ -282,22 +250,6 @@
},
#endif
-/* Cipher 08 */
- {
- 1,
- SSL3_TXT_RSA_DES_40_CBC_SHA,
- SSL3_CK_RSA_DES_40_CBC_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 56,
- },
-
/* Cipher 09 */
{
1,
@@ -331,21 +283,6 @@
},
/* The DH ciphers */
-/* Cipher 0B */
- {
- 1,
- SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
- SSL3_CK_DH_DSS_DES_40_CBC_SHA,
- SSL_kDHd,
- SSL_aDH,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 56,
- },
/* Cipher 0C */
{
@@ -379,22 +316,6 @@
168,
},
-/* Cipher 0E */
- {
- 1,
- SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
- SSL3_CK_DH_RSA_DES_40_CBC_SHA,
- SSL_kDHr,
- SSL_aDH,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 56,
- },
-
/* Cipher 0F */
{
1,
@@ -428,21 +349,6 @@
},
/* The Ephemeral DH ciphers */
-/* Cipher 11 */
- {
- 1,
- SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
- SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
- SSL_kEDH,
- SSL_aDSS,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 56,
- },
/* Cipher 12 */
{
@@ -476,22 +382,6 @@
168,
},
-/* Cipher 14 */
- {
- 1,
- SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
- SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
- SSL_kEDH,
- SSL_aRSA,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 56,
- },
-
/* Cipher 15 */
{
1,
@@ -524,22 +414,6 @@
168,
},
-/* Cipher 17 */
- {
- 1,
- SSL3_TXT_ADH_RC4_40_MD5,
- SSL3_CK_ADH_RC4_40_MD5,
- SSL_kEDH,
- SSL_aNULL,
- SSL_RC4,
- SSL_MD5,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 128,
- },
-
/* Cipher 18 */
{
1,
@@ -556,22 +430,6 @@
128,
},
-/* Cipher 19 */
- {
- 1,
- SSL3_TXT_ADH_DES_40_CBC_SHA,
- SSL3_CK_ADH_DES_40_CBC_SHA,
- SSL_kEDH,
- SSL_aNULL,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 128,
- },
-
/* Cipher 1A */
{
1,
@@ -1040,105 +898,6 @@
#endif /* OPENSSL_NO_CAMELLIA */
#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
- /* New TLS Export CipherSuites from expired ID */
-#if 0
- /* Cipher 60 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
- TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC4,
- SSL_MD5,
- SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 56,
- 128,
- },
-
- /* Cipher 61 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
- TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC2,
- SSL_MD5,
- SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 56,
- 128,
- },
-#endif
-
- /* Cipher 62 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 56,
- 56,
- },
-
- /* Cipher 63 */
- {
- 1,
- TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
- TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
- SSL_kEDH,
- SSL_aDSS,
- SSL_DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 56,
- 56,
- },
-
- /* Cipher 64 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
- TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC4,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 56,
- 128,
- },
-
- /* Cipher 65 */
- {
- 1,
- TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
- TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
- SSL_kEDH,
- SSL_aDSS,
- SSL_RC4,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 56,
- 128,
- },
-
/* Cipher 66 */
{
1,
@@ -3490,7 +3249,7 @@
int i,ok;
size_t cipher_index;
CERT *cert;
- unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
+ unsigned long alg_k,alg_a,mask_k,mask_a;
/* in_group_flags will either be NULL, or will point to an array of
* bytes which indicate equal-preference groups in the |prio| stack.
* See the comment about |in_group_flags| in the
@@ -3557,8 +3316,6 @@
ssl_set_cert_masks(cert,c);
mask_k = cert->mask_k;
mask_a = cert->mask_a;
- emask_k = cert->export_mask_k;
- emask_a = cert->export_mask_a;
#ifdef KSSL_DEBUG
/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
@@ -3571,22 +3328,11 @@
if ((alg_a & SSL_aPSK) && s->psk_server_callback == NULL)
ok = 0;
- if (SSL_C_IS_EXPORT(c))
- {
- ok = ok && (alg_k & emask_k) && (alg_a & emask_a);
+ ok = ok && (alg_k & mask_k) && (alg_a & mask_a);
#ifdef CIPHER_DEBUG
- printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
- (void *)c,c->name);
+ printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
+ c->name);
#endif
- }
- else
- {
- ok = ok && (alg_k & mask_k) && (alg_a & mask_a);
-#ifdef CIPHER_DEBUG
- printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
- c->name);
-#endif
- }
#ifndef OPENSSL_NO_EC
/* if we are considering an ECC cipher suite that uses
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 761e4ce..79ded69 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -385,14 +385,7 @@
*/
if (ssl_cipher_requires_server_key_exchange(s->s3->tmp.new_cipher) ||
((alg_a & SSL_aPSK) && s->session->psk_identity_hint) ||
- ((alg_k & SSL_kRSA)
- && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
- && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
- )
- )
- )
- )
+ ((alg_k & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)))
{
ret=ssl3_send_server_key_exchange(s);
if (ret <= 0) goto end;
@@ -1460,9 +1453,7 @@
rsa=cert->rsa_tmp;
if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
{
- rsa=s->cert->rsa_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+ rsa = s->cert->rsa_tmp_cb(s, 0, 1024);
if(rsa == NULL)
{
al=SSL_AD_HANDSHAKE_FAILURE;
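Review bot: The literal `1024` passed as the key-length argument here, and again to `dh_tmp_cb` and `ecdh_tmp_cb` in the next two hunks, is an unexplained magic number. It matches what `SSL_C_EXPORT_PKEYLENGTH` yielded for non-export ciphers, so behaviour is preserved, but a callback that honours the argument will return a 1024-bit RSA or DH key, and for the ECDH callback the value has no sensible meaning. I would add a comment at the first call such as `/* is_export is now always 0; 1024 is the legacy keylength hint callbacks received for non-export suites */`, or use one named constant at all three call sites. The enclosing function extends beyond the hunk.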
@@ -1486,9 +1477,7 @@
{
dhp=cert->dh_tmp;
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
- dhp=s->cert->dh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+ dhp=s->cert->dh_tmp_cb(s, 0, 1024);
if (dhp == NULL)
{
al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1550,9 +1539,7 @@
}
else if ((ecdhp == NULL) && s->cert->ecdh_tmp_cb)
{
- ecdhp=s->cert->ecdh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+ ecdhp = s->cert->ecdh_tmp_cb(s, 0, 1024);
}
if (ecdhp == NULL)
{
@@ -1601,13 +1588,6 @@
goto err;
}
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
- (EC_GROUP_get_degree(group) > 163))
- {
- OPENSSL_PUT_ERROR(SSL, ssl3_send_server_key_exchange, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
- goto err;
- }
-
/* XXX: For now, we only support ephemeral ECDH
* keys over named (not generic) curves. For
* supported named curves, curve_id is non-zero.
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index e4523c3..7c1227c 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -207,8 +207,6 @@
ret->valid = cert->valid;
ret->mask_k = cert->mask_k;
ret->mask_a = cert->mask_a;
- ret->export_mask_k = cert->export_mask_k;
- ret->export_mask_a = cert->export_mask_a;
if (cert->rsa_tmp != NULL)
{
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index c150044..d1bd001 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1520,14 +1520,13 @@
const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
{
- int is_export,pkl,kl;
- const char *ver,*exp_str;
+ const char *ver;
const char *kx,*au,*enc,*mac;
unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2;
#ifdef KSSL_DEBUG
- static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
+ static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s AL=%lx/%lx/%lx/%lx/%lx\n";
#else
- static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
+ static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
#endif /* KSSL_DEBUG */
alg_mkey = cipher->algorithm_mkey;
@@ -1538,11 +1537,6 @@
alg2=cipher->algorithm2;
- is_export=SSL_C_IS_EXPORT(cipher);
- pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
- kl=SSL_C_EXPORT_KEYLENGTH(cipher);
- exp_str=is_export?" export":"";
-
if (alg_ssl & SSL_SSLV2)
ver="SSLv2";
else if (alg_ssl & SSL_SSLV3)
@@ -1555,7 +1549,7 @@
switch (alg_mkey)
{
case SSL_kRSA:
- kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
+ kx="RSA";
break;
case SSL_kDHr:
kx="DH/RSA";
@@ -1564,7 +1558,7 @@
kx="DH/DSS";
break;
case SSL_kEDH:
- kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
+ kx="DH";
break;
case SSL_kECDHr:
kx="ECDH/RSA";
@@ -1616,17 +1610,16 @@
switch (alg_enc)
{
case SSL_DES:
- enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
+ enc="DES(56)";
break;
case SSL_3DES:
enc="3DES(168)";
break;
case SSL_RC4:
- enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
- :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
+ enc=(alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)";
break;
case SSL_RC2:
- enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
+ enc="RC2(128)";
break;
case SSL_IDEA:
enc="IDEA(128)";
@@ -1695,9 +1688,9 @@
return("Buffer too small");
#ifdef KSSL_DEBUG
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
+ BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
#else
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
+ BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac);
#endif /* KSSL_DEBUG */
return(buf);
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index fffe9e9..93e2c2c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2210,11 +2210,9 @@
{
CERT_PKEY *cpk;
int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
- int rsa_enc_export,dh_rsa_export,dh_dsa_export;
- int rsa_tmp_export,dh_tmp_export,kl;
- unsigned long mask_k,mask_a,emask_k,emask_a;
+ unsigned long mask_k,mask_a;
#ifndef OPENSSL_NO_ECDSA
- int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
+ int have_ecc_cert, ecdsa_ok;
#endif
#ifndef OPENSSL_NO_ECDH
int have_ecdh_tmp, ecdh_ok;
@@ -2226,17 +2224,11 @@
#endif
if (c == NULL) return;
- kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
-
rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
- rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
- (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
#ifndef OPENSSL_NO_DH
dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
- dh_tmp_export=(c->dh_tmp_cb != NULL ||
- (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
#else
- dh_tmp=dh_tmp_export=0;
+ dh_tmp=0;
#endif
#ifndef OPENSSL_NO_ECDH
@@ -2244,28 +2236,21 @@
#endif
cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
rsa_enc= cpk->valid_flags & CERT_PKEY_VALID;
- rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
rsa_sign= cpk->valid_flags & CERT_PKEY_SIGN;
cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
dsa_sign= cpk->valid_flags & CERT_PKEY_SIGN;
cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
dh_rsa= cpk->valid_flags & CERT_PKEY_VALID;
- dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
/* FIX THIS EAY EAY EAY */
dh_dsa= cpk->valid_flags & CERT_PKEY_VALID;
- dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
cpk= &(c->pkeys[SSL_PKEY_ECC]);
#ifndef OPENSSL_NO_EC
have_ecc_cert= cpk->valid_flags & CERT_PKEY_VALID;
#endif
mask_k=0;
mask_a=0;
- emask_k=0;
- emask_a=0;
-
-
#ifdef CIPHER_DEBUG
printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
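Review bot: The `CIPHER_DEBUG` format string on the last line of this hunk still has `rte=%d` and `ree=%d` slots, which used to print `rsa_tmp_export` and `rsa_enc_export`. Both variables are removed by this commit, and the printf argument list lies outside the hunk. If it still names them, a build with `CIPHER_DEBUG` defined will no longer compile. The format should be trimmed to something like `"rt=%d dht=%d ecdht=%d re=%d rs=%d ds=%d dhr=%d dhd=%d\n"` with the matching arguments.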
@@ -2275,48 +2260,35 @@
if (rsa_enc || (rsa_tmp && rsa_sign))
mask_k|=SSL_kRSA;
- if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
- emask_k|=SSL_kRSA;
#if 0
/* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
if ( (dh_tmp || dh_rsa || dh_dsa) &&
(rsa_enc || rsa_sign || dsa_sign))
mask_k|=SSL_kEDH;
- if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
- (rsa_enc || rsa_sign || dsa_sign))
- emask_k|=SSL_kEDH;
#endif
- if (dh_tmp_export)
- emask_k|=SSL_kEDH;
-
if (dh_tmp)
mask_k|=SSL_kEDH;
if (dh_rsa) mask_k|=SSL_kDHr;
- if (dh_rsa_export) emask_k|=SSL_kDHr;
if (dh_dsa) mask_k|=SSL_kDHd;
- if (dh_dsa_export) emask_k|=SSL_kDHd;
- if (emask_k & (SSL_kDHr|SSL_kDHd))
+ if (mask_k & (SSL_kDHr|SSL_kDHd))
mask_a |= SSL_aDH;
if (rsa_enc || rsa_sign)
{
mask_a|=SSL_aRSA;
- emask_a|=SSL_aRSA;
}
if (dsa_sign)
{
mask_a|=SSL_aDSS;
- emask_a|=SSL_aDSS;
}
mask_a|=SSL_aNULL;
- emask_a|=SSL_aNULL;
/* An ECC certificate may be usable for ECDH and/or
* ECDSA cipher suites depending on the key usage extension.
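Review bot: Changing the guard to `if (mask_k & (SSL_kDHr|SSL_kDHd))` is a behaviour change, not just a removal. `SSL_aDH` used to be set only when a fixed-DH certificate passed the export-length test feeding `emask_k`, and is now set whenever such a certificate is present. That looks like the intended result, but the commit message does not mention it. A short comment such as `/* aDH is offered whenever a fixed-DH certificate is configured */` would record it. The single-statement `{ mask_a|=SSL_aRSA; }` and `{ mask_a|=SSL_aDSS; }` blocks left behind could also lose their braces to match the surrounding style.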
@@ -2335,8 +2307,6 @@
if (!(cpk->valid_flags & CERT_PKEY_SIGN))
ecdsa_ok = 0;
ecc_pkey = X509_get_pubkey(x);
- ecc_pkey_size = (ecc_pkey != NULL) ?
- EVP_PKEY_bits(ecc_pkey) : 0;
EVP_PKEY_free(ecc_pkey);
if ((x->sig_alg) && (x->sig_alg->algorithm))
{
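Review bot: With `ecc_pkey_size` gone, `ecc_pkey = X509_get_pubkey(x);` is followed immediately by `EVP_PKEY_free(ecc_pkey);` and the key is never read in between. Unless the call is kept deliberately for a side effect that is not visible here, both lines and the `ecc_pkey` local (declared outside this hunk) can be removed. That also avoids a needless public-key parse on every mask recomputation.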
@@ -2351,22 +2321,12 @@
{
mask_k|=SSL_kECDHr;
mask_a|=SSL_aECDH;
- if (ecc_pkey_size <= 163)
- {
- emask_k|=SSL_kECDHr;
- emask_a|=SSL_aECDH;
- }
}
if (pk_nid == NID_X9_62_id_ecPublicKey)
{
mask_k|=SSL_kECDHe;
mask_a|=SSL_aECDH;
- if (ecc_pkey_size <= 163)
- {
- emask_k|=SSL_kECDHe;
- emask_a|=SSL_aECDH;
- }
}
}
#endif
@@ -2374,7 +2334,6 @@
if (ecdsa_ok)
{
mask_a|=SSL_aECDSA;
- emask_a|=SSL_aECDSA;
}
#endif
}
@@ -2384,19 +2343,14 @@
if (have_ecdh_tmp)
{
mask_k|=SSL_kEECDH;
- emask_k|=SSL_kEECDH;
}
#endif
mask_k |= SSL_kPSK;
mask_a |= SSL_aPSK;
- emask_k |= SSL_kPSK;
- emask_a |= SSL_aPSK;
c->mask_k=mask_k;
c->mask_a=mask_a;
- c->export_mask_k=emask_k;
- c->export_mask_a=emask_a;
c->valid=1;
}
@@ -2409,24 +2363,12 @@
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
{
unsigned long alg_k, alg_a;
- EVP_PKEY *pkey = NULL;
- int keysize = 0;
int signature_nid = 0, md_nid = 0, pk_nid = 0;
const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
alg_k = cs->algorithm_mkey;
alg_a = cs->algorithm_auth;
- if (SSL_C_IS_EXPORT(cs))
- {
- /* ECDH key length in export ciphers must be <= 163 bits */
- pkey = X509_get_pubkey(x);
- if (pkey == NULL) return 0;
- keysize = EVP_PKEY_bits(pkey);
- EVP_PKEY_free(pkey);
- if (keysize > 163) return 0;
- }
-
/* This call populates the ex_flags field correctly */
X509_check_purpose(x, -1, 0);
if ((x->sig_alg) && (x->sig_alg->algorithm))
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 866e381..7244790 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -408,33 +408,6 @@
/* we have used 000001ff - 23 bits left to go */
-/*
- * Macros to check the export status and cipher strength for export ciphers.
- * Even though the macros for EXPORT and EXPORT40/56 have similar names,
- * their meaning is different:
- * *_EXPORT macros check the 'exportable' status.
- * *_EXPORT40/56 macros are used to check whether a certain cipher strength
- * is given.
- * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
- * algorithm structure element to be passed (algorithms, algo_strength) and no
- * typechecking can be done as they are all of type unsigned long, their
- * direct usage is discouraged.
- * Use the SSL_C_* macros instead.
- */
-#define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)
-#define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)
-#define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)
-#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)
-#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)
-#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
-
-#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
- (a) == SSL_DES ? 8 : 7)
-#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
-#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
- (c)->algo_strength)
-#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
-
/* Check if an SSL structure is using DTLS */
#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
/* See if we need explicit IV */
@@ -527,8 +500,6 @@
int valid;
unsigned long mask_k;
unsigned long mask_a;
- unsigned long export_mask_k;
- unsigned long export_mask_a;
/* Client only */
unsigned long mask_ssl;
RSA *rsa_tmp;
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 8baf59d..59f70e8 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -412,15 +412,9 @@
const unsigned char *iv, unsigned iv_len)
{
const EVP_CIPHER *cipher = s->s3->tmp.new_sym_enc;
- const char is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) != 0;
EVP_CIPHER_CTX *cipher_ctx;
EVP_MD_CTX *mac_ctx;
- unsigned char export_tmp1[EVP_MAX_KEY_LENGTH];
- unsigned char export_tmp2[EVP_MAX_KEY_LENGTH];
- unsigned char export_iv1[EVP_MAX_IV_LENGTH * 2];
- unsigned char export_iv2[EVP_MAX_IV_LENGTH * 2];
-
if (is_read)
{
if (s->enc_read_ctx != NULL && !SSL_IS_DTLS(s))
@@ -465,59 +459,6 @@
s->s3->write_mac_secret_size = mac_secret_len;
}
- if (is_export)
- {
- /* In here I set both the read and write key/iv to the
- * same value since only the correct one will be used :-).
- */
- const unsigned char *label;
- unsigned label_len;
-
- if (use_client_keys)
- {
- label = (const unsigned char*) TLS_MD_CLIENT_WRITE_KEY_CONST;
- label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
- }
- else
- {
- label = (const unsigned char*) TLS_MD_SERVER_WRITE_KEY_CONST;
- label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
- }
-
- if (!tls1_PRF(ssl_get_algorithm2(s),
- label, label_len,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- NULL, 0, NULL, 0,
- key /* secret */, key_len /* secret length */,
- export_tmp1 /* output */,
- export_tmp2 /* scratch space */,
- EVP_CIPHER_key_length(s->s3->tmp.new_sym_enc) /* output length */))
- return 0;
- key = export_tmp1;
-
- if (iv_len > 0)
- {
- static const unsigned char empty[] = "";
-
- if (!tls1_PRF(ssl_get_algorithm2(s),
- TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- NULL, 0, NULL, 0,
- empty /* secret */ ,0 /* secret length */,
- export_iv1 /* output */,
- export_iv2 /* scratch space */,
- iv_len * 2 /* output length */))
- return 0;
-
- if (use_client_keys)
- iv = export_iv1;
- else
- iv = &export_iv1[iv_len];
- }
- }
-
EVP_PKEY *mac_key =
EVP_PKEY_new_mac_key(s->s3->tmp.new_mac_pkey_type,
NULL, mac_secret, mac_secret_len);
@@ -528,14 +469,6 @@
EVP_CipherInit_ex(cipher_ctx, cipher, NULL /* engine */, key, iv, !is_read);
- if (is_export)
- {
- OPENSSL_cleanse(export_tmp1, sizeof(export_tmp1));
- OPENSSL_cleanse(export_tmp2, sizeof(export_tmp1));
- OPENSSL_cleanse(export_iv1, sizeof(export_iv1));
- OPENSSL_cleanse(export_iv2, sizeof(export_iv2));
- }
-
return 1;
err:
@@ -561,7 +494,6 @@
const EVP_AEAD *aead = s->s3->tmp.new_aead;
unsigned key_len, iv_len, mac_secret_len;
const unsigned char *key_data;
- const char is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) != 0;
/* Reset sequence number to zero. */
if (s->version != DTLS1_VERSION)
@@ -589,8 +521,6 @@
else
{
key_len = EVP_CIPHER_key_length(cipher);
- if (is_export && key_len > SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher))
- key_len = SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher);
if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
iv_len = EVP_GCM_TLS_FIXED_IV_LEN;