-rw-r--r--CHANGES5
-rw-r--r--apps/s_server.c47
-rw-r--r--demos/easy_tls/easy-tls.c15
-rw-r--r--demos/easy_tls/easy-tls.h1
-rw-r--r--doc/apps/ciphers.pod32
-rw-r--r--doc/apps/s_server.pod6
-rw-r--r--doc/ssl/SSL_CTX_set_cipher_list.pod5
-rw-r--r--doc/ssl/SSL_CTX_set_options.pod1
-rw-r--r--doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod159
-rw-r--r--doc/ssl/ssl.pod20
-rw-r--r--include/openssl/ssl.h31
-rw-r--r--include/openssl/tls1.h6
-rw-r--r--ssl/s3_enc.c36
-rw-r--r--ssl/s3_lib.c700
-rw-r--r--ssl/ssl_cert.c11
-rw-r--r--ssl/ssl_ciph.c77
-rw-r--r--ssl/ssl_err.c10
-rw-r--r--ssl/ssl_lib.c115
-rw-r--r--ssl/ssl_locl.h81
-rw-r--r--ssl/statem/statem_clnt.c177
-rw-r--r--ssl/statem/statem_srvr.c87
-rw-r--r--ssl/t1_enc.c42
-rw-r--r--test/ssltest.c44
-rwxr-xr-xutil/ssleay.num4
24 files changed, 293 insertions, 1419 deletions
diff --git a/CHANGES b/CHANGES
index c8da88ccd0..56092dc7c5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
+ *) Remove support for all 40 and 56 bit ciphers. This includes all the export
+ ciphers who are no longer supported and drops support the ephemeral RSA key
+ exchange. The LOW ciphers currently doesn't have any ciphers in it.
+ [Kurt Roeckx]
+
*) Added ASYNC support. Libcrypto now includes the async sub-library to enable
cryptographic operations to be performed asynchronously as long as an
asynchronous capable engine is used. See the ASYNC_start_job() man page for
diff --git a/apps/s_server.c b/apps/s_server.c
index fd8035de99..4c3ca792e2 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -190,9 +190,6 @@ typedef unsigned int u_int;
# undef FIONBIO
#endif
-#ifndef OPENSSL_NO_RSA
-static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength);
-#endif
static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
static int sv_body(char *hostname, int s, int stype, unsigned char *context);
static int www_body(char *hostname, int s, int stype, unsigned char *context);
@@ -807,7 +804,7 @@ typedef enum OPTION_choice {
OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE,
OPT_STATUS_TIMEOUT, OPT_STATUS_URL, OPT_MSG, OPT_MSGFILE, OPT_TRACE,
OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, OPT_CRLF,
- OPT_QUIET, OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE,
+ OPT_QUIET, OPT_BRIEF, OPT_NO_DHE, OPT_NO_ECDHE,
OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC,
OPT_SSL3,
@@ -866,7 +863,6 @@ OPTIONS s_server_options[] = {
"Do not load certificates from the default certificates directory"},
{"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
{"quiet", OPT_QUIET, '-', "No server output"},
- {"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"},
{"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
{"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
{"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
@@ -1004,7 +1000,7 @@ int s_server_main(int argc, char *argv[])
#ifndef OPENSSL_NO_DH
int no_dhe = 0;
#endif
- int no_tmp_rsa = 0, no_ecdhe = 0, nocert = 0, ret = 1;
+ int no_ecdhe = 0, nocert = 0, ret = 1;
int noCApath = 0, noCAfile = 0;
int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
@@ -1295,9 +1291,6 @@ int s_server_main(int argc, char *argv[])
case OPT_BRIEF:
s_quiet = s_brief = verify_quiet = 1;
break;
- case OPT_NO_TMP_RSA:
- no_tmp_rsa = 1;
- break;
case OPT_NO_DHE:
#ifndef OPENSSL_NO_DH
no_dhe = 1;
@@ -1824,13 +1817,6 @@ int s_server_main(int argc, char *argv[])
if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain))
goto end;
}
-#ifndef OPENSSL_NO_RSA
- if (!no_tmp_rsa) {
- SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
- if (ctx2)
- SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
- }
-#endif
if (no_resume_ephemeral) {
SSL_CTX_set_not_resumable_session_callback(ctx,
@@ -3135,35 +3121,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
return (ret);
}
-#ifndef OPENSSL_NO_RSA
-static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)
-{
- BIGNUM *bn = NULL;
- static RSA *rsa_tmp = NULL;
-
- if (!rsa_tmp && ((bn = BN_new()) == NULL))
- BIO_printf(bio_err, "Allocation error in generating RSA key\n");
- if (!rsa_tmp && bn) {
- if (!s_quiet) {
- BIO_printf(bio_err, "Generating temp (%d bit) RSA key...",
- keylength);
- (void)BIO_flush(bio_err);
- }
- if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
- !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
- RSA_free(rsa_tmp);
- rsa_tmp = NULL;
- }
- if (!s_quiet) {
- BIO_printf(bio_err, "\n");
- (void)BIO_flush(bio_err);
- }
- BN_free(bn);
- }
- return (rsa_tmp);
-}
-#endif
-
#define MAX_SESSION_ID_ATTEMPTS 10
static int generate_session_id(const SSL *ssl, unsigned char *id,
unsigned int *id_len)
diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c
index e42d28a8c1..00407dd165 100644
--- a/demos/easy_tls/easy-tls.c
+++ b/demos/easy_tls/easy-tls.c
@@ -651,7 +651,6 @@ struct tls_create_ctx_args tls_create_ctx_defaultargs(void)
ret.ca_file = NULL;
ret.verify_depth = -1;
ret.fail_unless_verified = 0;
- ret.export_p = 0;
return ret;
}
@@ -781,20 +780,6 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
/* avoid small subgroup attacks: */
SSL_CTX_set_options(ret, SSL_OP_SINGLE_DH_USE);
}
-#ifndef NO_RSA
- if (!a.client_p && a.export_p) {
- RSA *tmpkey;
-
- tmpkey = RSA_generate_key(512, RSA_F4, 0, NULL);
- if (tmpkey == NULL)
- goto err;
- if (!SSL_CTX_set_tmp_rsa(ret, tmpkey)) {
- RSA_free(tmpkey);
- goto err;
- }
- RSA_free(tmpkey); /* SSL_CTX_set_tmp_rsa uses a duplicate. */
- }
-#endif
return ret;
diff --git a/demos/easy_tls/easy-tls.h b/demos/easy_tls/easy-tls.h
index 1c587b861c..b1a7b304e4 100644
--- a/demos/easy_tls/easy-tls.h
+++ b/demos/easy_tls/easy-tls.h
@@ -34,7 +34,6 @@ struct tls_create_ctx_args {
const char *ca_file;
int verify_depth;
int fail_unless_verified;
- int export_p;
};
struct tls_create_ctx_args tls_create_ctx_defaultargs(void);
/*
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 963339a9ce..8db0ea5006 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -168,18 +168,6 @@ encryption.
"low" encryption cipher suites, currently those using 64 or 56 bit encryption
algorithms but excluding export cipher suites.
-=item B<EXP>, B<EXPORT>
-
-export encryption algorithms. Including 40 and 56 bits algorithms.
-
-=item B<EXPORT40>
-
-40 bit export encryption algorithms
-
-=item B<EXPORT56>
-
-56 bit export encryption algorithms. This list is empty.
-
=item B<eNULL>, B<NULL>
the "NULL" ciphers that is those offering no encryption. Because these offer no
@@ -387,12 +375,9 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
SSL_RSA_WITH_NULL_MD5 NULL-MD5
SSL_RSA_WITH_NULL_SHA NULL-SHA
- SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
SSL_RSA_WITH_RC4_128_MD5 RC4-MD5
SSL_RSA_WITH_RC4_128_SHA RC4-SHA
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
- SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
@@ -400,16 +385,12 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA
SSL_DH_RSA_WITH_DES_CBC_SHA DH-RSA-DES-CBC-SHA
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA
- SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-DSS-DES-CBC-SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA DHE-DSS-CBC-SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA
- SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-RSA-DES-CBC-SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA DHE-RSA-DES-CBC-SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
- SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
- SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
@@ -421,31 +402,22 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
TLS_RSA_WITH_NULL_MD5 NULL-MD5
TLS_RSA_WITH_NULL_SHA NULL-SHA
- TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
TLS_RSA_WITH_RC4_128_MD5 RC4-MD5
TLS_RSA_WITH_RC4_128_SHA RC4-SHA
- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
- TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
- TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented.
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
- TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented.
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
- TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-DSS-DES-CBC-SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA DHE-DSS-CBC-SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA
- TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-RSA-DES-CBC-SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA DHE-RSA-DES-CBC-SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
- TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
- TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
@@ -511,10 +483,6 @@ algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution.
Note: these ciphers can also be used in SSL v3.
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA
- TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
- TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA
TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA
=head2 Elliptic curve cipher suites.
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index 706e039b5a..c1a1d1a022 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -66,7 +66,6 @@ B<openssl> B<s_server>
[B<-cipher cipherlist>]
[B<-serverpref>]
[B<-quiet>]
-[B<-no_tmp_rsa>]
[B<-ssl3>]
[B<-tls1>]
[B<-dtls>]
@@ -186,11 +185,6 @@ disabling the ephemeral DH cipher suites.
if this option is set then no ECDH parameters will be loaded effectively
disabling the ephemeral ECDH cipher suites.
-=item B<-no_tmp_rsa>
-
-certain export cipher suites sometimes use a temporary RSA key, this option
-disables temporary RSA key generation.
-
=item B<-crl_check>, B<-crl_check_all>
Check the peer certificate has not been revoked by its CA.
diff --git a/doc/ssl/SSL_CTX_set_cipher_list.pod b/doc/ssl/SSL_CTX_set_cipher_list.pod
index ccd10c820a..338323290e 100644
--- a/doc/ssl/SSL_CTX_set_cipher_list.pod
+++ b/doc/ssl/SSL_CTX_set_cipher_list.pod
@@ -37,10 +37,6 @@ ADH ciphers don't need a certificate, but DH-parameters must have been set.
All other ciphers need a corresponding certificate and key.
A RSA cipher can only be chosen, when a RSA certificate is available.
-RSA export ciphers with a keylength of 512 bits for the RSA key require
-a temporary 512 bit RSA key, as typically the supplied key has a length
-of 1024 bit (see
-L<SSL_CTX_set_tmp_rsa_callback(3)>).
RSA ciphers using DHE need a certificate and key and additional DH-parameters
(see L<SSL_CTX_set_tmp_dh_callback(3)>).
@@ -63,7 +59,6 @@ could be selected and 0 on complete failure.
L<ssl(3)>, L<SSL_get_ciphers(3)>,
L<SSL_CTX_use_certificate(3)>,
-L<SSL_CTX_set_tmp_rsa_callback(3)>,
L<SSL_CTX_set_tmp_dh_callback(3)>,
L<ciphers(1)>
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index 7754e75bfb..cf137a5ed4 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -269,7 +269,6 @@ secure renegotiation and 0 if it does not.
L<ssl(3)>, L<SSL_new(3)>, L<SSL_clear(3)>,
L<SSL_CTX_set_tmp_dh_callback(3)>,
-L<SSL_CTX_set_tmp_rsa_callback(3)>,
L<dhparam(1)>
=head1 HISTORY
diff --git a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
deleted file mode 100644
index 296699d8f0..0000000000
--- a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
+++ /dev/null
@@ -1,159 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchange
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
- RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
- long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);
- long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx);
-
- void SSL_set_tmp_rsa_callback(SSL_CTX *ctx,
- RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
- long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)
- long SSL_need_tmp_rsa(SSL *ssl)
-
- RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_tmp_rsa_callback() sets the callback function for B<ctx> to be
-used when a temporary/ephemeral RSA key is required to B<tmp_rsa_callback>.
-The callback is inherited by all SSL objects newly created from B<ctx>
-with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
-
-SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be
-B<rsa>. The key is inherited by all SSL objects newly created from B<ctx>
-with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
-
-SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed
-for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
-with a keysize larger than 512 bits is installed.
-
-SSL_set_tmp_rsa_callback() sets the callback only for B<ssl>.
-
-SSL_set_tmp_rsa() sets the key only for B<ssl>.
-
-SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed,
-for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
-with a keysize larger than 512 bits is installed.
-
-These functions apply to SSL/TLS servers only.
-
-=head1 NOTES
-
-When using a cipher with RSA authentication, an ephemeral RSA key exchange
-can take place. In this case the session data are negotiated using the
-ephemeral/temporary RSA key and the RSA key supplied and certified
-by the certificate chain is only used for signing.
-
-Under previous export restrictions, ciphers with RSA keys shorter (512 bits)
-than the usual key length of 1024 bits were created. To use these ciphers
-with RSA keys of usual length, an ephemeral key exchange must be performed,
-as the normal (certified) key cannot be directly used.
-
-Using ephemeral RSA key exchange yields forward secrecy, as the connection
-can only be decrypted, when the RSA key is known. By generating a temporary
-RSA key inside the server application that is lost when the application
-is left, it becomes impossible for an attacker to decrypt past sessions,
-even if he gets hold of the normal (certified) RSA key, as this key was
-used for signing only. The downside is that creating a RSA key is
-computationally expensive.
-
-Additionally, the use of ephemeral RSA key exchange is only allowed in
-the TLS standard, when the RSA key can be used for signing only, that is
-for export ciphers. Using ephemeral RSA key exchange for other purposes
-violates the standard and can break interoperability with clients.
-It is therefore strongly recommended to not use ephemeral RSA key
-exchange and use DHE (Ephemeral Diffie-Hellman) key exchange instead
-in order to achieve forward secrecy (see
-L<SSL_CTX_set_tmp_dh_callback(3)>).
-
-An application may either directly specify the key or can supply the key via a
-callback function. The callback approach has the advantage, that the callback
-may generate the key only in case it is actually needed. As the generation of a
-RSA key is however costly, it will lead to a significant delay in the handshake
-procedure. Another advantage of the callback function is that it can supply
-keys of different size while the explicit setting of the key is only useful for
-key size of 512 bits to satisfy the export restricted ciphers and does give
-away key length if a longer key would be allowed.
-
-The B<tmp_rsa_callback> is called with the B<keylength> needed and
-the B<is_export> information. The B<is_export> flag is set, when the
-ephemeral RSA key exchange is performed with an export cipher.
-
-=head1 EXAMPLES
-
-Generate temporary RSA keys to prepare ephemeral RSA key exchange. As the
-generation of a RSA key costs a lot of computer time, they saved for later
-reuse. For demonstration purposes, two keys for 512 bits and 1024 bits
-respectively are generated.
-
- ...
- /* Set up ephemeral RSA stuff */
- RSA *rsa_512 = NULL;
- RSA *rsa_1024 = NULL;
-
- rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);
- if (rsa_512 == NULL)
- evaluate_error_queue();
-
- rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);
- if (rsa_1024 == NULL)
- evaluate_error_queue();
-
- ...
-
- RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)
- {
- RSA *rsa_tmp=NULL;
-
- switch (keylength) {
- case 512:
- if (rsa_512)
- rsa_tmp = rsa_512;
- else { /* generate on the fly, should not happen in this example */
- rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL);
- rsa_512 = rsa_tmp; /* Remember for later reuse */
- }
- break;
- case 1024:
- if (rsa_1024)
- rsa_tmp=rsa_1024;
- else
- should_not_happen_in_this_example();
- break;
- default:
- /* Generating a key on the fly is very costly, so use what is there */
- if (rsa_1024)
- rsa_tmp=rsa_1024;
- else
- rsa_tmp=rsa_512; /* Use at least a shorter key */
- }
- return(rsa_tmp);
- }
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return
-diagnostic output.
-
-SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0
-on failure. Check the error queue to find out the reason of failure.
-
-SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary
-RSA key is needed and 0 otherwise.
-
-=head1 SEE ALSO
-
-L<ssl(3)>, L<SSL_CTX_set_cipher_list(3)>,
-L<SSL_CTX_set_options(3)>,
-L<SSL_CTX_set_tmp_dh_callback(3)>,
-L<SSL_new(3)>, L<ciphers(1)>
-
-=cut
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 421d50066d..19819f134d 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -331,25 +331,6 @@ Use the file path to locate trusted CA certficates.
=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
-=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa);
-
-=item SSL_CTX_set_tmp_rsa_callback
-
-C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));>
-
-Sets the callback which will be called when a temporary private key is
-required. The B<C<export>> flag will be set if the reason for needing
-a temp key is that an export ciphersuite is in use, in which case,
-B<C<keylength>> will contain the required keylength in bits. Generate a key of
-appropriate size (using ???) and return it.
-
-=item SSL_set_tmp_rsa_callback
-
-long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
-
-The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL
-session instead of a context.
-
=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
@@ -713,7 +694,6 @@ L<SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_set_session_id_context(3)>,
L<SSL_CTX_set_ssl_version(3)>,
L<SSL_CTX_set_timeout(3)>,
-L<SSL_CTX_set_tmp_rsa_callback(3)>,
L<SSL_CTX_set_tmp_dh_callback(3)>,
L<SSL_CTX_set_verify(3)>,
L<SSL_CTX_use_certificate(3)>,
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index e4a22dcfbd..1fb59481b5 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -181,8 +181,6 @@ extern "C" {
/* These are used to specify which ciphers to use and not to use */
-# define SSL_TXT_EXP40 "EXPORT40"
-# define SSL_TXT_EXP56 "EXPORT56"
# define SSL_TXT_LOW "LOW"
# define SSL_TXT_MEDIUM "MEDIUM"
# define SSL_TXT_HIGH "HIGH"
@@ -268,9 +266,6 @@ extern "C" {
# define SSL_TXT_TLSV1_1 "TLSv1.1"
# define SSL_TXT_TLSV1_2 "TLSv1.2"
-# define SSL_TXT_EXP "EXP"
-# define SSL_TXT_EXPORT "EXPORT"
-
# define SSL_TXT_ALL "ALL"
/*-
@@ -1113,11 +1108,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_ERROR_WANT_CONNECT 7
# define SSL_ERROR_WANT_ACCEPT 8
# define SSL_ERROR_WANT_ASYNC 9
-# define SSL_CTRL_NEED_TMP_RSA 1
-# define SSL_CTRL_SET_TMP_RSA 2
# define SSL_CTRL_SET_TMP_DH 3
# define SSL_CTRL_SET_TMP_ECDH 4
-# define SSL_CTRL_SET_TMP_RSA_CB 5
# define SSL_CTRL_SET_TMP_DH_CB 6
# define SSL_CTRL_GET_SESSION_REUSED 8
# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
@@ -1242,10 +1234,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
# define SSL_total_renegotiations(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
-# define SSL_CTX_need_tmp_RSA(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-# define SSL_CTX_set_tmp_rsa(ctx,rsa) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
# define SSL_CTX_set_tmp_dh(ctx,dh) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
@@ -1254,10 +1242,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
# define SSL_set_dh_auto(s, onoff) \
SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
-# define SSL_need_tmp_RSA(ssl) \
- SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-# define SSL_set_tmp_rsa(ssl,rsa) \
- SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
# define SSL_set_tmp_dh(ssl,dh) \
SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
# define SSL_set_tmp_ecdh(ssl,ecdh) \
@@ -1749,15 +1733,6 @@ __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void);
SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
/* NB: the keylength is only applicable when is_export is true */
-# ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
- RSA *(*cb) (SSL *ssl, int is_export,
- int keylength));
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,
- RSA *(*cb) (SSL *ssl, int is_export,
- int keylength));
-# endif
# ifndef OPENSSL_NO_DH
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
DH *(*dh) (SSL *ssl, int is_export,
@@ -2259,7 +2234,6 @@ void ERR_load_SSL_strings(void);
# define SSL_R_EE_KEY_TOO_SMALL 399
# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
-# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
# define SSL_R_EXTRA_DATA_IN_MESSAGE 153
@@ -2294,16 +2268,12 @@ void ERR_load_SSL_strings(void);
# define SSL_R_MISSING_DSA_SIGNING_CERT 165
# define SSL_R_MISSING_ECDH_CERT 382
# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381
-# define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
-# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
# define SSL_R_MISSING_RSA_CERTIFICATE 168
# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
# define SSL_R_MISSING_RSA_SIGNING_CERT 170
# define SSL_R_MISSING_SRP_PARAM 358
# define SSL_R_MISSING_TMP_DH_KEY 171
# define SSL_R_MISSING_TMP_ECDH_KEY 311
-# define SSL_R_MISSING_TMP_RSA_KEY 172
-# define SSL_R_MISSING_TMP_RSA_PKEY 173
# define SSL_R_MISSING_VERIFY_MESSAGE 174
# define SSL_R_MULTIPLE_SGC_RESTARTS 346
# define SSL_R_NO_CERTIFICATES_RETURNED 176
@@ -2395,7 +2365,6 @@ void ERR_load_SSL_strings(void);
# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
-# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index cdc56c634b..3bbd1f107e 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -658,12 +658,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
* using DHE everywhere, though we may indefinitely maintain aliases for
* users or configurations that used "EDH"
*/
-# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
-# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
-# define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
-# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
-# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
-# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA"
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 850f76d12d..31c89182e7 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -197,18 +197,16 @@ int ssl3_change_cipher_state(SSL *s, int which)
unsigned char *p, *mac_secret;
unsigned char exp_key[EVP_MAX_KEY_LENGTH];
unsigned char exp_iv[EVP_MAX_IV_LENGTH];
- unsigned char *ms, *key, *iv, *er1, *er2;
+ unsigned char *ms, *key, *iv;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
#ifndef OPENSSL_NO_COMP
COMP_METHOD *comp;
#endif
const EVP_MD *m;
- EVP_MD_CTX md;
- int is_exp, n, i, j, k, cl;
+ int n, i, j, k, cl;
int reuse_dd = 0;
- is_exp = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c = s->s3->tmp.new_sym_enc;
m = s->s3->tmp.new_hash;
/* m == NULL will lead to a crash later */
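Review bot: `exp_key` and `exp_iv` are still declared at the top of this hunk, but the only code in the visible hunks that wrote to them is the `if (is_exp)` block this commit deletes further down, so they appear to be dead locals now. The `OPENSSL_cleanse(exp_key, sizeof(exp_key));` and `OPENSSL_cleanse(exp_iv, sizeof(exp_iv));` calls kept as context in the last hunk of this file would then wipe buffers that never held key material. If nothing outside the hunks uses them, drop both declarations and both cleanse calls, so a reader does not assume derived key bytes still sit on the stack here. The body of ssl3_change_cipher_state continues outside the hunk, so confirm this against the full function.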
@@ -295,9 +293,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
if (i < 0)
goto err2;
cl = EVP_CIPHER_key_length(c);
- j = is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
- /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
+ j = cl;
k = EVP_CIPHER_iv_length(c);
if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
(which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
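Review bot: After `j = cl;` the two locals always hold the same value, so the key-block offset arithmetic in the following hunks (`n += j + j`, `n += j + k`) still reads as if the effective key length could differ from the cipher's key length. Either use `cl` directly and remove `j`, or keep one name and add a comment such as `/* full cipher key length; export truncation no longer exists */`. The function continues outside this hunk, so any other use of `j` would need the same treatment.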
@@ -307,8 +303,6 @@ int ssl3_change_cipher_state(SSL *s, int which)
n += j + j;
iv = &(p[n]);
n += k + k;
- er1 = &(s->s3->client_random[0]);
- er2 = &(s->s3->server_random[0]);
} else {
n = i;
ms = &(p[n]);
@@ -317,8 +311,6 @@ int ssl3_change_cipher_state(SSL *s, int which)
n += j + k;
iv = &(p[n]);
n += k;
- er1 = &(s->s3->server_random[0]);
- er2 = &(s->s3->client_random[0]);
}
if (n > s->s3->tmp.key_block_length) {
@@ -326,28 +318,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto err2;
}
- EVP_MD_CTX_init(&md);
memcpy(mac_secret, ms, i);
- if (is_exp) {
- /*
- * In here I set both the read and write key/iv to the same value
- * since only the correct one will be used :-).
- */
- EVP_DigestInit_ex(&md, EVP_md5(), NULL);
- EVP_DigestUpdate(&md, key, j);
- EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE);
- EVP_DigestFinal_ex(&md, &(exp_key[0]), NULL);
- key = &(exp_key[0]);
-
- if (k > 0) {
- EVP_DigestInit_ex(&md, EVP_md5(), NULL);
- EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE);
- EVP_DigestFinal_ex(&md, &(exp_iv[0]), NULL);
- iv = &(exp_iv[0]);
- }
- }
EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE));
@@ -370,7 +341,6 @@ int ssl3_change_cipher_state(SSL *s, int which)
OPENSSL_cleanse(exp_key, sizeof(exp_key));
OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
- EVP_MD_CTX_cleanup(&md);
return (1);
err:
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index d89cdfabab..24cf5f0322 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -173,7 +173,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL,
SSL_MD5,