[openssl-commits] [openssl] OpenSSL_0_9_8-stable update
Kurt Roeckx
kurt at openssl.org
Sat Mar 14 17:48:41 UTC 2015
The branch OpenSSL_0_9_8-stable has been updated
via c85c1e08ce4148b64a80497525fa5e5efc87d13a (commit)
from c2f5de13cd09179169b28179ad1e1cac0e4cd1fb (commit)
- Log -----------------------------------------------------------------
commit c85c1e08ce4148b64a80497525fa5e5efc87d13a
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sun Mar 8 15:11:33 2015 +0100
Disable export and SSLv2 ciphers by default
They are moved to the COMPLEMENTOFDEFAULT instead.
Reviewed-by: Dr. Stephen Henson <steve at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 3 ++-
doc/apps/ciphers.pod | 2 +-
ssl/ssl.h | 3 +--
ssl/ssl_ciph.c | 16 +++++++++++++---
ssl/ssl_lib.c | 1 +
5 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/CHANGES b/CHANGES
index 71856be..c2a3931 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,8 @@
Changes between 0.9.8ze and 0.9.8zf [xx XXX xxxx]
- *)
+ *) Removed the export and SSLv2 ciphers from the DEFAULT ciphers
+ [Kurt Roeckx]
Changes between 0.9.8zd and 0.9.8ze [15 Jan 2015]
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 694e433..01d31dd 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -105,7 +105,7 @@ The following is a list of all permitted cipher strings and their meanings.
=item B<DEFAULT>
the default cipher list. This is determined at compile time and is normally
-B<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string
+B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH>. This must be the first cipher string
specified.
=item B<COMPLEMENTOFDEFAULT>
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 29f8870..ee9944f 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -323,8 +323,7 @@ extern "C" {
* The following cipher list is used by default. It also is substituted when
* an application-defined cipher list string starts with 'DEFAULT'.
*/
-/* low priority for RC4 */
-# define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH"
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH"
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1
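Review bot: The new `SSL_DEFAULT_CIPHER_LIST` drops the leading `AES:` and the trailing `+RC4`, together with the `/* low priority for RC4 */` comment, and the commit message does not mention this. With only `@STRENGTH` left to order the list, RC4 suites presumably now sort alongside other suites of the same bit strength instead of after them. If that is not intended, keep the ordering terms, e.g. `"AES:ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:+RC4:@STRENGTH"`. If it is intended, record the ordering change in the commit message and in CHANGES so that operators know the server preference order has moved.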
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 33a472e..773a5d1 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -174,12 +174,11 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_ALL, 0, SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE,
SSL_ALL, 0, 0, 0, SSL_ALL, SSL_ALL},
/*
- * TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC
- * cipher suites handled properly.
+ * TODO: COMPLEMENT OF ALL do not have ECC cipher suites handled properly.
*/
/* COMPLEMENT OF ALL */
{0, SSL_TXT_CMPALL, 0, SSL_eNULL, 0, 0, 0, 0, SSL_ENC_MASK, 0},
- {0, SSL_TXT_CMPDEF, 0, SSL_ADH, 0, 0, 0, 0, SSL_AUTH_MASK, 0},
+ {0, SSL_TXT_CMPDEF, 0, SSL_ADH, SSL_EXP_MASK, 0, 0, 0, SSL_AUTH_MASK, 0},
/* VRS Kerberos5 */
{0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, SSL_MKEY_MASK, 0},
{0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, SSL_MKEY_MASK, 0},
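Review bot: The `SSL_TXT_CMPDEF` entry now carries `SSL_EXP_MASK` in what appears to be its algo_strength slot, where it acts as a marker that `ssl_cipher_apply_rule` tests for rather than as a strength filter, and nothing at the table entry says so. Add a comment above it such as `/* COMPLEMENT OF DEFAULT: SSL_EXP_MASK is a sentinel, handled specially in ssl_cipher_apply_rule() */`. The reworded TODO should also read `COMPLEMENT OF ALL does not have ECC cipher suites handled properly`. The `cipher_aliases` array starts and ends outside this hunk.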
@@ -636,6 +635,15 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
curr2 = curr->next;
cp = curr->cipher;
+ /* Special case: only satisfied by COMPLEMENTOFDEFAULT */
+ if (algo_strength == SSL_EXP_MASK) {
+ if ((SSL_C_IS_EXPORT(cp) || cp->algorithms & SSL_SSLV2
+ || cp->algorithms & SSL_aNULL)
+ && !(cp->algorithms & (SSL_kECDHE|SSL_kECDH)))
+ goto ok;
+ else
+ continue;
+ }
/*
* If explicit cipher suite, match only that one for its own protocol
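Review bot: The added special case hard-codes what "not in DEFAULT" means (export, SSLv2 or aNULL, minus ECDH/ECDHE) separately from the `SSL_DEFAULT_CIPHER_LIST` string in ssl/ssl.h, so a later edit to either one can silently leave COMPLEMENTOFDEFAULT out of step with the real default. Extend the comment to say so, e.g. `/* Special case: only satisfied by COMPLEMENTOFDEFAULT; keep in sync with SSL_DEFAULT_CIPHER_LIST */`. The test `algo_strength == SSL_EXP_MASK` would also be taken by any other rule whose accumulated strength equals that value, and whether that is reachable is not visible from this hunk. For readability, parenthesise the bit tests, `(cp->algorithms & SSL_SSLV2) || (cp->algorithms & SSL_aNULL)`, and drop the `else` after `goto ok;`. The function begins and ends outside the hunk.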
@@ -675,6 +683,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
} else if (strength_bits != cp->strength_bits)
continue; /* does not apply */
+ ok:
+
#ifdef CIPHER_DEBUG
printf("Action = %d\n", rule);
#endif
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index bdbea75..7182bd2 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1562,6 +1562,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
ssl_create_cipher_list(ret->method,
&ret->cipher_list, &ret->cipher_list_by_id,
+ meth->version == SSL2_VERSION ? "SSLv2" :
SSL_DEFAULT_CIPHER_LIST);
if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
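Review bot: For an SSLv2-only method the added line replaces the default list with the bare `"SSLv2"` string, which carries none of the `!EXPORT:!aNULL:!eNULL` exclusions that `SSL_DEFAULT_CIPHER_LIST` applies, so export-grade SSLv2 suites presumably stay enabled by default for those contexts. If the commit is meant to disable export ciphers by default everywhere, consider `SSL_TXT_SSLV2 ":!EXPORT"` here, after confirming that it still yields a non-empty list so that the `SSL_R_LIBRARY_HAS_NO_CIPHERS` path is not hit. Using `SSL_TXT_SSLV2` also avoids duplicating the alias name as a magic string. A one-line comment explaining why SSLv2 contexts get a different default would help, since doc/apps/ciphers.pod still describes a single compile-time DEFAULT. `SSL_CTX_new` continues outside the hunk.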