Loading apps/s_server.c +5 −4 Original line number Diff line number Diff line Loading @@ -75,7 +75,7 @@ #include "s_apps.h" #ifndef NOPROTO static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export); static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export,int keylength); static int sv_body(char *hostname, int s); static int www_body(char *hostname, int s); static void close_accept_socket(void ); Loading Loading @@ -1211,9 +1211,10 @@ err: return(ret); } static RSA MS_CALLBACK *tmp_rsa_cb(s,export) static RSA MS_CALLBACK *tmp_rsa_cb(s,export,keylength) SSL *s; int export; int keylength; { static RSA *rsa_tmp=NULL; Loading @@ -1221,11 +1222,11 @@ int export; { if (!s_quiet) { BIO_printf(bio_err,"Generating temp (512 bit) RSA key..."); BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); BIO_flush(bio_err); } #ifndef NO_RSA rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL); rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); #endif if (!s_quiet) { Loading ssl/s3_lib.c +5 −4 Original line number Diff line number Diff line Loading @@ -752,15 +752,16 @@ STACK *have,*pref; else cert=s->ctx->default_cert; ssl_set_cert_masks(cert); mask=cert->mask; emask=cert->export_mask; sk_set_cmp_func(pref,ssl_cipher_ptr_id_cmp); for (i=0; i<sk_num(have); i++) { c=(SSL_CIPHER *)sk_value(have,i); ssl_set_cert_masks(cert,c); mask=cert->mask; emask=cert->export_mask; alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); if (SSL_IS_EXPORT(alg)) { Loading ssl/s3_srvr.c +4 −2 Original line number Diff line number Diff line Loading @@ -945,7 +945,8 @@ SSL *s; if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL)) { rsa=s->ctx->default_cert->rsa_tmp_cb(s, !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)); !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); cert->rsa_tmp=rsa; } Loading 
@@ -967,7 +968,8 @@ SSL *s; dhp=cert->dh_tmp; if ((dhp == NULL) && (cert->dh_tmp_cb != NULL)) dhp=cert->dh_tmp_cb(s, !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)); !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); if (dhp == NULL) { al=SSL_AD_HANDSHAKE_FAILURE; Loading ssl/ssl.h +5 −6 Original line number Diff line number Diff line Loading @@ -1022,13 +1022,12 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void ); #define SSL_CTX_set_read_ahead(ctx,m) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL) /* For the next 2, the callbacks are * RSA *tmp_rsa_cb(SSL *ssl,int export) * DH *tmp_dh_cb(SSL *ssl,int export) */ /* NB: the keylength is only applicable when export is true */ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,int export)); void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export)); RSA *(*cb)(SSL *ssl,int export, int keylength)); void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl,int export,int keylength)); #ifdef HEADER_COMP_H int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); Loading ssl/ssl_lib.c +27 −22 Original line number Diff line number Diff line Loading 
@@ -1131,46 +1131,49 @@ int (*cb)(); X509_STORE_set_verify_cb_func(ctx->cert_store,cb); } void ssl_set_cert_masks(c) void ssl_set_cert_masks(c,cipher) CERT *c; SSL_CIPHER *cipher; { CERT_PKEY *cpk; int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; int rsa_enc_export,dh_rsa_export,dh_dsa_export; int rsa_tmp_export,dh_tmp_export; int rsa_tmp_export,dh_tmp_export,kl; unsigned long mask,emask; if ((c == NULL) || (c->valid)) return; kl=SSL_C_EXPORT_PKEYLENGTH(cipher); #ifndef NO_RSA rsa_tmp=((c->rsa_tmp != NULL) || (c->rsa_tmp_cb != NULL))?1:0; rsa_tmp_export=((c->rsa_tmp_cb != NULL) || (rsa_tmp && (RSA_size(c->rsa_tmp)*8 <= 512)))?1:0; rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); rsa_tmp_export=(c->rsa_tmp_cb != NULL || (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); #else rsa_tmp=rsa_tmp_export=0; #endif #ifndef NO_DH dh_tmp=((c->dh_tmp != NULL) || (c->dh_tmp_cb != NULL))?1:0; dh_tmp_export=((c->dh_tmp_cb != NULL) || (dh_tmp && (DH_size(c->dh_tmp)*8 <= 512)))?1:0; dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL); dh_tmp_export=(c->dh_tmp_cb != NULL || (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); #else dh_tmp=dh_tmp_export=0; #endif cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); rsa_enc= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; rsa_enc_export=(rsa_enc && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0; rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); rsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); dsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); dh_rsa= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; dh_rsa_export=(dh_rsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0; dh_rsa= (cpk->x509 != NULL && cpk->privatekey 
!= NULL); dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); /* FIX THIS EAY EAY EAY */ dh_dsa= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; dh_dsa_export=(dh_dsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0; dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); mask=0; emask=0; Loading Loading @@ -1236,13 +1239,13 @@ SSL *s; { unsigned long alg,mask,kalg; CERT *c; int i,_export; int i,export; c=s->cert; ssl_set_cert_masks(c); ssl_set_cert_masks(c,s->s3->tmp.new_cipher); alg=s->s3->tmp.new_cipher->algorithms; _export=SSL_IS_EXPORT(alg); mask=_export?c->export_mask:c->mask; export=SSL_IS_EXPORT(alg); mask=export?c->export_mask:c->mask; kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); if (kalg & SSL_kDHr) Loading Loading @@ -1888,10 +1891,12 @@ SSL *s; return(s->rwstate); } void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,int export)) void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,int export, int keylength)) { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); } void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export)) void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export, int keylength)) { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); } #if defined(_WINDLL) && defined(WIN16) Loading Loading
apps/s_server.c +5 −4 Original line number Diff line number Diff line Loading @@ -75,7 +75,7 @@ #include "s_apps.h" #ifndef NOPROTO static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export); static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export,int keylength); static int sv_body(char *hostname, int s); static int www_body(char *hostname, int s); static void close_accept_socket(void ); Loading Loading @@ -1211,9 +1211,10 @@ err: return(ret); } static RSA MS_CALLBACK *tmp_rsa_cb(s,export) static RSA MS_CALLBACK *tmp_rsa_cb(s,export,keylength) SSL *s; int export; int keylength; { static RSA *rsa_tmp=NULL; Loading @@ -1221,11 +1222,11 @@ int export; { if (!s_quiet) { BIO_printf(bio_err,"Generating temp (512 bit) RSA key..."); BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); BIO_flush(bio_err); } #ifndef NO_RSA rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL); rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); #endif if (!s_quiet) { Loading
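Review bot: The key generated in tmp_rsa_cb is kept in `static RSA *rsa_tmp`, so its size is fixed by whichever keylength arrives first. The guard around the generation block lies outside the visible hunks, but if it is a plain `rsa_tmp == NULL` test, a later handshake that asks for a different length is handed the cached key of the old size. Remember the length next to the key, e.g. `static int rsa_tmp_len=0;`, and regenerate (releasing the previous key) when `rsa_tmp_len != keylength`. keylength also reaches `RSA_generate_key()` unchecked, while ssl.h says it is only meaningful for export, so a sanity bound or a fixed fallback for the non-export case would be worth adding.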
ssl/s3_lib.c +5 −4 Original line number Diff line number Diff line Loading @@ -752,15 +752,16 @@ STACK *have,*pref; else cert=s->ctx->default_cert; ssl_set_cert_masks(cert); mask=cert->mask; emask=cert->export_mask; sk_set_cmp_func(pref,ssl_cipher_ptr_id_cmp); for (i=0; i<sk_num(have); i++) { c=(SSL_CIPHER *)sk_value(have,i); ssl_set_cert_masks(cert,c); mask=cert->mask; emask=cert->export_mask; alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); if (SSL_IS_EXPORT(alg)) { Loading
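Review bot: Moving `ssl_set_cert_masks(cert,c)` into the loop may only take effect on the first iteration, because the ssl/ssl_lib.c section on this page keeps the early return `if ((c == NULL) || (c->valid)) return;`. The end of that function is not shown, but if it sets `valid`, every later cipher is checked against the `mask`/`emask` computed for the first cipher's export key length. A cipher with a smaller limit could then be accepted with a key that exceeds it. Either keep the key-length-dependent export bits out of the cached state, or store the `kl` the cache was built for and recompute when it differs. The same applies to the `ssl_set_cert_masks(c,s->s3->tmp.new_cipher)` call in ssl/ssl_lib.c.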
ssl/s3_srvr.c +4 −2 Original line number Diff line number Diff line Loading @@ -945,7 +945,8 @@ SSL *s; if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL)) { rsa=s->ctx->default_cert->rsa_tmp_cb(s, !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)); !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); cert->rsa_tmp=rsa; } Loading @@ -967,7 +968,8 @@ SSL *s; dhp=cert->dh_tmp; if ((dhp == NULL) && (cert->dh_tmp_cb != NULL)) dhp=cert->dh_tmp_cb(s, !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)); !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); if (dhp == NULL) { al=SSL_AD_HANDSHAKE_FAILURE; Loading
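Review bot: The result of `rsa_tmp_cb(...)` is used in `CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);` without a NULL test, and the callback can now fail for more reasons, since it generates a key of a caller-supplied length. The DH branch in the next hunk already handles this with `if (dhp == NULL)` and `al=SSL_AD_HANDSHAKE_FAILURE;`; the RSA branch should get the matching `if (rsa == NULL)` guard before the reference count is touched and fail the handshake the same way. Both branches also pass `!SSL_C_IS_EXPORT(...)` as the export argument next to an export key length, so please confirm the polarity is intended. The enclosing function starts and ends outside these hunks.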
ssl/ssl.h +5 −6 Original line number Diff line number Diff line Loading @@ -1022,13 +1022,12 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void ); #define SSL_CTX_set_read_ahead(ctx,m) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL) /* For the next 2, the callbacks are * RSA *tmp_rsa_cb(SSL *ssl,int export) * DH *tmp_dh_cb(SSL *ssl,int export) */ /* NB: the keylength is only applicable when export is true */ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,int export)); void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export)); RSA *(*cb)(SSL *ssl,int export, int keylength)); void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl,int export,int keylength)); #ifdef HEADER_COMP_H int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); Loading
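Review bot: The replacement comment no longer tells an application author what the callbacks look like or what keylength means, and this is the public header where that contract is read. I would keep the prototype summary and state the unit, e.g. `/* Callbacks: RSA *cb(SSL *ssl,int export,int keylength); DH *cb(SSL *ssl,int export,int keylength); keylength is the temporary key size in bits and is only meaningful when export is non-zero */`. The comment should also say what a callback may do when export is zero, because ssl/s3_srvr.c on this page passes `!SSL_C_IS_EXPORT(...)` as that argument, so which polarity "export is true" refers to is not obvious to a reader.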
ssl/ssl_lib.c +27 −22 Original line number Diff line number Diff line Loading 
@@ -1131,46 +1131,49 @@ int (*cb)(); X509_STORE_set_verify_cb_func(ctx->cert_store,cb); } void ssl_set_cert_masks(c) void ssl_set_cert_masks(c,cipher) CERT *c; SSL_CIPHER *cipher; { CERT_PKEY *cpk; int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; int rsa_enc_export,dh_rsa_export,dh_dsa_export; int rsa_tmp_export,dh_tmp_export; int rsa_tmp_export,dh_tmp_export,kl; unsigned long mask,emask; if ((c == NULL) || (c->valid)) return; kl=SSL_C_EXPORT_PKEYLENGTH(cipher); #ifndef NO_RSA rsa_tmp=((c->rsa_tmp != NULL) || (c->rsa_tmp_cb != NULL))?1:0; rsa_tmp_export=((c->rsa_tmp_cb != NULL) || (rsa_tmp && (RSA_size(c->rsa_tmp)*8 <= 512)))?1:0; rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); rsa_tmp_export=(c->rsa_tmp_cb != NULL || (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); #else rsa_tmp=rsa_tmp_export=0; #endif #ifndef NO_DH dh_tmp=((c->dh_tmp != NULL) || (c->dh_tmp_cb != NULL))?1:0; dh_tmp_export=((c->dh_tmp_cb != NULL) || (dh_tmp && (DH_size(c->dh_tmp)*8 <= 512)))?1:0; dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL); dh_tmp_export=(c->dh_tmp_cb != NULL || (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); #else dh_tmp=dh_tmp_export=0; #endif cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); rsa_enc= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; rsa_enc_export=(rsa_enc && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0; rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); rsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); dsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); dh_rsa= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; dh_rsa_export=(dh_rsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0; dh_rsa= (cpk->x509 != NULL && cpk->privatekey 
!= NULL); dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); /* FIX THIS EAY EAY EAY */ dh_dsa= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; dh_dsa_export=(dh_dsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0; dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); mask=0; emask=0; Loading Loading @@ -1236,13 +1239,13 @@ SSL *s; { unsigned long alg,mask,kalg; CERT *c; int i,_export; int i,export; c=s->cert; ssl_set_cert_masks(c); ssl_set_cert_masks(c,s->s3->tmp.new_cipher); alg=s->s3->tmp.new_cipher->algorithms; _export=SSL_IS_EXPORT(alg); mask=_export?c->export_mask:c->mask; export=SSL_IS_EXPORT(alg); mask=export?c->export_mask:c->mask; kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); if (kalg & SSL_kDHr) Loading Loading @@ -1888,10 +1891,12 @@ SSL *s; return(s->rwstate); } void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,int export)) void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,int export, int keylength)) { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); } void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export)) void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export, int keylength)) { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); } #if defined(_WINDLL) && defined(WIN16) Loading
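Review bot: In the last hunk both setters still hand the callback to `SSL_CTX_ctrl(...)` through a `(char *)` cast, so the new three-argument type is checked only for callers that go through these wrappers. A two-argument callback from an existing application that is registered through the ctrl interface directly (if any do so) would compile without a diagnostic and then be invoked with three arguments. Since this is a signature change on a public callback, a comment on the setters would help, e.g. `/* cb is called as cb(ssl,export,keylength); two-argument callbacks written for earlier releases must be updated */`, along with an entry in the release notes.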