#include "s_apps.h"
#ifndef NOPROTO
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export,int keylength);
static int sv_body(char *hostname, int s);
static int www_body(char *hostname, int s);
static void close_accept_socket(void );
return(ret);
}
-static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
+static RSA MS_CALLBACK *tmp_rsa_cb(s,export,keylength)
SSL *s;
int export;
+int keylength;
{
static RSA *rsa_tmp=NULL;
{
if (!s_quiet)
{
- BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
+ BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
BIO_flush(bio_err);
}
#ifndef NO_RSA
- rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
+ rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
#endif
if (!s_quiet)
{
else
cert=s->ctx->default_cert;
- ssl_set_cert_masks(cert);
- mask=cert->mask;
- emask=cert->export_mask;
-
sk_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
for (i=0; i<sk_num(have); i++)
{
c=(SSL_CIPHER *)sk_value(have,i);
+
+ ssl_set_cert_masks(cert,c);
+ mask=cert->mask;
+ emask=cert->export_mask;
+
alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
if (SSL_IS_EXPORT(alg))
{
if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL))
{
rsa=s->ctx->default_cert->rsa_tmp_cb(s,
- !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher));
+ !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+ SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
cert->rsa_tmp=rsa;
}
dhp=cert->dh_tmp;
if ((dhp == NULL) && (cert->dh_tmp_cb != NULL))
dhp=cert->dh_tmp_cb(s,
- !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher));
+ !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+ SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
if (dhp == NULL)
{
al=SSL_AD_HANDSHAKE_FAILURE;
#define SSL_CTX_set_read_ahead(ctx,m) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL)
-/* For the next 2, the callbacks are
- * RSA *tmp_rsa_cb(SSL *ssl,int export)
- * DH *tmp_dh_cb(SSL *ssl,int export)
- */
+ /* NB: the keylength is only applicable when export is true */
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
- RSA *(*cb)(SSL *ssl,int export));
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export));
+ RSA *(*cb)(SSL *ssl,int export,
+ int keylength));
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+ DH *(*dh)(SSL *ssl,int export,int keylength));
#ifdef HEADER_COMP_H
int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
}
-void ssl_set_cert_masks(c)
+void ssl_set_cert_masks(c,cipher)
CERT *c;
+SSL_CIPHER *cipher;
{
CERT_PKEY *cpk;
int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
int rsa_enc_export,dh_rsa_export,dh_dsa_export;
- int rsa_tmp_export,dh_tmp_export;
+ int rsa_tmp_export,dh_tmp_export,kl;
unsigned long mask,emask;
if ((c == NULL) || (c->valid)) return;
+ kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
+
#ifndef NO_RSA
- rsa_tmp=((c->rsa_tmp != NULL) || (c->rsa_tmp_cb != NULL))?1:0;
- rsa_tmp_export=((c->rsa_tmp_cb != NULL) ||
- (rsa_tmp && (RSA_size(c->rsa_tmp)*8 <= 512)))?1:0;
+ rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
+ rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
+ (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
#else
rsa_tmp=rsa_tmp_export=0;
#endif
#ifndef NO_DH
- dh_tmp=((c->dh_tmp != NULL) || (c->dh_tmp_cb != NULL))?1:0;
- dh_tmp_export=((c->dh_tmp_cb != NULL) ||
- (dh_tmp && (DH_size(c->dh_tmp)*8 <= 512)))?1:0;
+ dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
+ dh_tmp_export=(c->dh_tmp_cb != NULL ||
+ (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
#else
dh_tmp=dh_tmp_export=0;
#endif
cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
- rsa_enc= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
- rsa_enc_export=(rsa_enc && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
+ rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
+ rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
- rsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
+ rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
- dsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
+ dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
- dh_rsa= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
- dh_rsa_export=(dh_rsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
+ dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
+ dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
/* FIX THIS EAY EAY EAY */
- dh_dsa= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
- dh_dsa_export=(dh_dsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
+ dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
+ dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
mask=0;
emask=0;
{
unsigned long alg,mask,kalg;
CERT *c;
- int i,_export;
+ int i,export;
c=s->cert;
- ssl_set_cert_masks(c);
+ ssl_set_cert_masks(c,s->s3->tmp.new_cipher);
alg=s->s3->tmp.new_cipher->algorithms;
- _export=SSL_IS_EXPORT(alg);
- mask=_export?c->export_mask:c->mask;
+ export=SSL_IS_EXPORT(alg);
+ mask=export?c->export_mask:c->mask;
kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
if (kalg & SSL_kDHr)
return(s->rwstate);
}
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,int export))
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,int export,
+ int keylength))
{ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export))
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export,
+ int keylength))
{ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
#if defined(_WINDLL) && defined(WIN16)
RSA *rsa_tmp;
DH *dh_tmp;
- RSA *(*rsa_tmp_cb)();
- DH *(*dh_tmp_cb)();
+ RSA *(*rsa_tmp_cb)(SSL *ssl,int export,int keysize);
+ DH *(*dh_tmp_cb)(SSL *ssl,int export,int keysize);
CERT_PKEY pkeys[SSL_PKEY_NUM];
STACK *cert_chain;
X509 *ssl_get_server_send_cert(SSL *);
EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c);
+void ssl_set_cert_masks(CERT *c,SSL_CIPHER *cipher);
STACK *ssl_get_ciphers_by_id(SSL *s);
int ssl_verify_alarm_type(long type);
#ifndef NOPROTO
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export,int keylength);
#ifndef NO_DSA
static DH *get_dh512(void);
#endif
}
#endif
-static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
+static RSA MS_CALLBACK *tmp_rsa_cb(s,export,keylength)
SSL *s;
int export;
+int keylength;
{
static RSA *rsa_tmp=NULL;
if (rsa_tmp == NULL)
{
- BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
+ BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
BIO_flush(bio_err);
#ifndef NO_RSA
- rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
+ rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
#endif
BIO_printf(bio_err,"\n");
BIO_flush(bio_err);