DES-only OpenSSL version: technical aspects

Hello all,
I'd like to get all of the ciphers that are tagged 'export' as well as the 56-bit ones that are not. E.g. (list somewhat shortened in width):

    EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Enc=DES(56)
    EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Enc=DES(56)
    DES-CBC-SHA             SSLv3 Kx=RSA      Enc=DES(56)
    DES-CBC-MD5             SSLv2 Kx=RSA      Enc=DES(56)
    EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Enc=DES(40) export
    EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Enc=DES(40) export
    EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Enc=DES(40) export
    EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Enc=RC2(40) export
    EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Enc=RC2(40) export
    EXP-RC4-MD5             SSLv3 Kx=RSA(512) Enc=RC4(40) export
    EXP-RC4-MD5             SSLv2 Kx=RSA(512) Enc=RC4(40) export

I've tried using these names for Configure, as in:

    ../Configure no-DHE-RSA-AES256-SHA no-AES256-SHA no-EDH-RSA-DES-CBC3-SHA no-DES-CBC3-SHA (...)

but that results in syntax errors such as:

    .../../include/openssl/opensslconf.h:75:31: error: missing ')' after "defined"
    .../../include/openssl/opensslconf.h:75:32: error: missing binary operator before token "SHA"

which are due to the presence of dashes in defines such as these in openssl/opensslconf.h:

    #if defined(OPENSSL_NO_AES128-SHA)
    #if defined(OPENSSL_NO_DHE-RSA-AES128-SHA)

and so on. So that's seemingly not the way to call ./Configure with the 'no-' option.

Then I tried using:

    ../Configure no-aes no-rsa no-dss no-rc4 no-rc2

This works, but gives only these two ciphers:

    openssl ciphers -v
    EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH      Enc=DES(56)
    EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Enc=DES(40) export

What I'm trying to find is how to precisely have all of the 'export' ciphers along with the 56-bit ones not tagged as exportable. What would be the proper way to use the Configure 'no-' option to achieve this?

Thanks again for any suggestions/hints/comments!

Cheers.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@...
Automated List Manager                           majordomo@...
Re: DES-only OpenSSL version: technical aspects

Fred Picher wrote:
> Hello all,
>
> I'd like to get all of the ciphers that are tagged 'export' as
> well as the 56-bit ones that are not. Eg.:
>
> (list somewhat shortened in width)
>
> EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Enc=DES(56)
> EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Enc=DES(56)
> DES-CBC-SHA             SSLv3 Kx=RSA      Enc=DES(56)
> DES-CBC-MD5             SSLv2 Kx=RSA      Enc=DES(56)
> EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Enc=DES(40) export
> EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Enc=DES(40) export
> EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Enc=DES(40) export
> EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Enc=RC2(40) export
> EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Enc=RC2(40) export
> EXP-RC4-MD5             SSLv3 Kx=RSA(512) Enc=RC4(40) export
> EXP-RC4-MD5             SSLv2 Kx=RSA(512) Enc=RC4(40) export
>
> I've tried using these names for Configure, as in:
>
> ../Configure no-DHE-RSA-AES256-SHA no-AES256-SHA
> no-EDH-RSA-DES-CBC3-SHA no-DES-CBC3-SHA (...)
>
> but that results in syntax errors such as:
>
> .../../include/openssl/opensslconf.h:75:31: error: missing ')'
> after "defined"
> .../../include/openssl/opensslconf.h:75:32: error: missing binary
> operator before token "SHA"
>
> Which are due to the presence of dashes in defines such as:
>
> openssl/opensslconf.h
> #if defined(OPENSSL_NO_AES128-SHA)
> #if defined(OPENSSL_NO_DHE-RSA-AES128-SHA)
>
> So on so forth.
>
> So, that's seemingly not the way to call ./Configure with the
> 'no-' option.
>
> Then I tried using:
>
> ../Configure no-aes no-rsa no-dss no-rc4 no-rc2
>
> This works, but gives only these two ciphers:
>
> openssl ciphers -v
> EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH      Enc=DES(56)
> EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Enc=DES(40) export
>
> What I'm trying to find is how to precisely have all of the
> 'export' ciphers along with the 56-bit ones not tagged as
> exportable. What would be the proper way to use the Configure
> 'no-' option to achieve this ?
>
> Thanks again for any suggestions/hints/comments !

libcrypto does not support any limitation at all beyond removing algorithms, with the side effects you already noted. RC4 is a 128-bit algorithm; its 40-bit incarnation just uses 88 known bits to fill the key.

You could adjust the ciphers supported by your own software by selecting only the export ciphers:

    openssl ciphers -v EXP

See "man SSL_CTX_set_cipher_list".

If this is not sufficient you may check out ssl/sslv3.c etc. and actually remove the ciphers you don't want to support in your libssl from the registration tables.

Best regards,
Lutz
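Lutz's suggestion is to restrict cipher suites at run time with SSL_CTX_set_cipher_list() rather than at build time. The following is an added example (not code from this thread or from OpenSSL) that turns the policy in the first post into such a cipher-list string and, as the check a practitioner would want, flags anything in a `ciphers -v` dump that the policy forbids. It parses the 0.9.8-era `openssl ciphers -v` output format quoted in the thread; SAMPLE_CIPHERS_V is constructed from that output (the Au= column, which the shortened lists above omit, is optional to the parser). A current OpenSSL no longer ships export suites, so `openssl ciphers 'EXP'` fails there; the example is offline on purpose. The caveat behind Lutz's reply still holds: a cipher list only keeps suites out of the negotiation, the code for them stays in libssl/libcrypto.

```python
"""Build an SSL_CTX_set_cipher_list() string for the policy in the first
post (all 'export' suites plus the 56-bit DES suites) from the output of
`openssl ciphers -v`, and check a dump against that policy.  Added
example, not code from the thread or from OpenSSL.  SAMPLE_CIPHERS_V is
constructed from the 0.9.8-era output quoted in the thread."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in `openssl ciphers -v` format (0.9.8 era).
SAMPLE_CIPHERS_V = """\
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
"""


@dataclass(frozen=True)
class Suite:
    name: str
    version: str   # SSLv2 / SSLv3 / TLSv1
    kx: str        # key exchange, e.g. "RSA(512)" for an export suite
    enc: str       # bulk cipher, e.g. "DES"
    bits: int      # key bits as openssl prints them
    export: bool   # trailing 'export' tag present


# name, protocol, Kx=, optional Au=, Enc=ALG(bits), then Mac= and/or 'export'.
_LINE = re.compile(
    r"^(?P<name>\S+)\s+(?P<ver>\S+)\s+Kx=(?P<kx>\S+)\s+(?:Au=\S+\s+)?"
    r"Enc=(?P<enc>[A-Za-z0-9]+)\((?P<bits>\d+)\)(?P<rest>.*)$"
)


def parse_ciphers_v(text: str) -> list[Suite]:
    """One Suite per non-empty line; raises on a line that does not look
    like `openssl ciphers -v` output rather than silently skipping it."""
    suites: list[Suite] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ciphers -v line: {line!r}")
        suites.append(Suite(m["name"], m["ver"], m["kx"], m["enc"],
                            int(m["bits"]), "export" in m["rest"].split()))
    return suites


def wanted(s: Suite) -> bool:
    """Policy from the first post.  The decision keys on the 'export' tag,
    not on the bit count alone: as Lutz notes, EXP-RC4-MD5 is the 128-bit
    RC4 code with 88 known key bits, so 'bits' is a reported value, not a
    separate algorithm."""
    return s.export or (s.enc == "DES" and s.bits == 56)


def cipher_list(suites: list[Suite]) -> str:
    """Colon-separated names for SSL_CTX_set_cipher_list().  A list made of
    explicit names only is exhaustive, so nothing outside it can be
    negotiated; duplicates (one entry per protocol version) are collapsed."""
    names: list[str] = []
    for s in suites:
        if wanted(s) and s.name not in names:
            names.append(s.name)
    return ":".join(names)


def violations(suites: list[Suite]) -> list[str]:
    """Names present in a dump that the policy forbids.  Feed it the parsed
    output of `openssl ciphers -v '<the list above>'` to confirm the string
    did what you meant before shipping it."""
    return sorted({s.name for s in suites if not wanted(s)})


if __name__ == "__main__":
    parsed = parse_ciphers_v(SAMPLE_CIPHERS_V)
    print(cipher_list(parsed))
    print("forbidden in dump:", violations(parsed))
```

Run against real output with `openssl ciphers -v | python3 -c '...'` on a library that still has these suites; `violations()` should come back empty when fed the dump of the list it produced.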
Re: DES-only OpenSSL version: technical aspects

Hello,
Thanks for your reply.

> If this is not sufficient you may check out ssl/sslv3.c etc and
> actually remove the ciphers you don't want to support in your
> libssl from the registration tables.

As a test, I've commented out every cipher definition in ssl/s3_lib.c, like this example.

The list is:

    OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
    [...]
    }

And a typical commented entry is:

    /* Cipher 05 */
    /*
    {
    1,
    SSL3_TXT_RSA_RC4_128_SHA,
    SSL3_CK_RSA_RC4_128_SHA,
    SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3,
    SSL_NOT_EXP|SSL_MEDIUM,
    0,
    128,
    128,
    SSL_ALL_CIPHERS,
    SSL_ALL_STRENGTHS,
    },
    */

None are left uncommented. But still, after make clean, Configure, make depend, make and installation, the system reports:

    openssl ciphers -v
    DES-CBC3-MD5    SSLv2 Kx=RSA      Enc=3DES(168) Mac=MD5
    RC2-CBC-MD5     SSLv2 Kx=RSA      Enc=RC2(128)  Mac=MD5
    RC4-MD5         SSLv2 Kx=RSA      Enc=RC4(128)  Mac=MD5
    DES-CBC-MD5     SSLv2 Kx=RSA      Enc=DES(56)   Mac=MD5
    EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Enc=RC2(40)   Mac=MD5 export
    EXP-RC4-MD5     SSLv2 Kx=RSA(512) Enc=RC4(40)   Mac=MD5 export

Which is much less than before, but where are these coming from since everything is commented out? I do not mind the low encryption ciphers that much, but the first three are a bother. I can add more of the low encryption ciphers by uncommenting their respective declaration, but I cannot get rid of the first three.

Now, 3DES might be somehow dynamically added to the list when DES is present. That could make sense and would mean that the actual DES-specific code would have to be modified to separate 3DES.

Would that also be the case for the two high-crypto RC2 and RC4? Can they be variations added dynamically to the cipher list and not have a proper static definition in ssl/s3_lib.c?

Any suggestions/hints/comments are very much appreciated.

Cheers.
Re: DES-only OpenSSL version: technical aspects

Fred Picher wrote:
> Hello,
>
> Thanks for your reply.
>
>> If this is not sufficient you may check out ssl/sslv3.c etc and
>> actually remove the ciphers you don't want to support in your
>> libssl from the registration tables.
>
> As a test, I've commented out every cipher definition in
> ssl/s3_lib.c, like this example:
>
> The list is:
>
> OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ [...] }
>
> And a typical commented entry is:
>
> /* Cipher 05 */
> /*
> {
> 1,
> SSL3_TXT_RSA_RC4_128_SHA,
> SSL3_CK_RSA_RC4_128_SHA,
> SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3,
> SSL_NOT_EXP|SSL_MEDIUM,
> 0,
> 128,
> 128,
> SSL_ALL_CIPHERS,
> SSL_ALL_STRENGTHS,
> },
> */
>
> None are left uncommented. But still, after make clean,
> Configure, make depend, make and installation, the system
> reports:
>
> openssl ciphers -v
> DES-CBC3-MD5    SSLv2 Kx=RSA      Enc=3DES(168) Mac=MD5
> RC2-CBC-MD5     SSLv2 Kx=RSA      Enc=RC2(128)  Mac=MD5
> RC4-MD5         SSLv2 Kx=RSA      Enc=RC4(128)  Mac=MD5
> DES-CBC-MD5     SSLv2 Kx=RSA      Enc=DES(56)   Mac=MD5
> EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Enc=RC2(40)   Mac=MD5 export
> EXP-RC4-MD5     SSLv2 Kx=RSA(512) Enc=RC4(40)   Mac=MD5 export
>
> Which is much less than before but, where are these coming from
> since everything is commented out ? I do not mind that much the
> low encryption ciphers, but the first three are a bother. I can
> add more of the low encryption ciphers by uncommenting their
> respective declaration, but I cannot get rid of the first three.
>
> Now, 3DES might be somehow dynamically added to the list when DES
> is present. That could make sense and would mean that the actual
> DES-specific code would have to be modified to separate 3DES.
>
> Would that be also the case for the two high-crypto RC2 and RC4 ?
> Can they be variations added dynamically to the cipher list and
> not have a proper static definition in ssl/s3_lib.c

second column of the output above.

Hence you have to edit ssl/s2_lib.c as well (that was the "etc" :-)

Best regards,
Lutz
Re: DES-only OpenSSL version: technical aspects

On Fri, Aug 15, 2008 at 5:11 PM, Fred Picher <frederificc@...> wrote:
[...]
>> If this is not sufficient you may check out ssl/sslv3.c etc and
>> actually remove the ciphers you don't want to support in your
>> libssl from the registration tables.
>
> As a test, I've commented out every cipher definition in
> ssl/s3_lib.c, like this example:
[...]
> Now, 3DES might be somehow dynamically added to the list when DES
> is present. That could make sense and would mean that the actual
> DES-specific code would have to be modified to separate 3DES.
[...]

Ahh... This brings back memories... I had to do the same 'selective compilation' back before 2000 when the USA would prohibit cipher export at 128 bit and beyond unless you had a specific license. I know (but can't quote chapter and verse) that those restrictions have been 'lessened' in that the max. allowable number of bits and type of ciphers has been increased. Unless you are exporting to Mr. Bush's axis-of-evil states and other friendly neighbours that are currently frowned upon by the administration.

Anyway, what I did back then is track down all the 'undesirable' code in the crypto/*/ directories and add a few lines in each along the lines of:

    #if 0
    ...
    #endif

around all the code (des3 is a prime example, and the cipher is implemented in easily located functions which you can disable this way). When done, recompile and let the linker errors (error 666: "missing function you just #if-nulled :-(") guide you to the code using these functions and 'strip out' those bits as well using the #if 0 ... #endif approach (tip: a bit more typing, but way safer than /* ... */ commenting code, as the latter will be screwed up when you wish to strip code containing comments itself!). IIRC most of the use of the ciphers is regulated through neat objects.

Why this approach: just commenting out those ciphers in that list will not withstand a code review by government officials (something I had to cope with back then; anal retentiveness has its uses sometimes) as, without those extra #if 0...#endif additions, you will find that several bits and pieces of 'restricted software weaponry' may still show up in the final compiled binary. Which was highly illegal back then, even if that code was proven to be essentially 'dead code'. Hence the only way to placate government was to brutally strip the offending crypto source code lines and then make the remaining OpenSSL code and makefile cope with this. The #if 0 ... #endif approach was accepted (as we used a special preprocessor which produced a 'restricted code base' from this by simply discarding all #if 0-ed code lines).

This may sound like a daunting task, but back then (was it 0.9.5?) it was rather easy and I think it still is. Machines are faster now so your 'make - fix' cycle will be even faster. Except for 3DES (which sits in the /DES/ subdir, but in separate source files), each cipher has its own subdir so that makes things rather elegant: slap-bang #if 0/#endif around each of those .c sources in there and you're good to go for an initial round of "make - check linker errors - fix code". My guesstimate is you need around 4 rounds if you tackle all ciphers in one go.

Just my 0.02 USD.

PS: of course, a nice 'feature' added to your work would be to use a makefile-provided #define, say -DCUSTOM_ALLOW_GOOD_CRYPTO, and use

    #if defined(CUSTOM_ALLOW_GOOD_CRYPTO)
    ...
    #endif

instead of that overly rude #if 0 ... #endif

--
Met vriendelijke groeten / Best regards,
Ger Hobbelt
--------------------------------------------------
web:    http://www.hobbelt.com/
        http://www.hebbut.net/
mail:   ger@...
mobile: +31-6-11 120 978
--------------------------------------------------
Re: DES-only OpenSSL version: technical aspects

--- On Fri, 8/15/08, Ger Hobbelt <ger@...> wrote:

> Ahh... This brings back memories... I had to do the same
> 'selective compilation' back before 2000 when the USA would
> prohibit cipher export at 128 bit and beyond unless you had a
> specific license.

Ger,

Many thanks for taking the time to reply in such detail. Lutz's solution works, but when searching for text in the object files, some restricted keywords would still be shown, such as:

    strings /usr/lib/libcrypto.so.0.9.8 | grep -i aes | less
    AES-128-ECB
    aes-128-ecb
    AES-128-CBC
    aes-128-cbc
    AES-128-OFB
    aes-128-ofb
    [... etc ...]

Your solution of commenting out every bit (pun intended I guess) of restricted crypto functionality instead of commenting out the ciphers only might be the way to get rid of all references.

Thanks again for your time - it's appreciated.

Cheers.
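The `strings ... | grep` check above is the right instinct, and it is also the test you want to rerun after every round of Ger's #if-guarding and relinking. As an added example (not code from this thread or from OpenSSL), here is that audit as a repeatable check: it extracts printable runs from a binary the way strings(1) does and reports every one that names an algorithm the DES-only build was meant to drop, while leaving the DES, export RC2/RC4 and non-cipher strings alone. The 'binary' it scans is a constructed byte blob standing in for libcrypto.so, and the forbidden-name rules are an assumption based on the suites discussed in this thread: AES, 3DES and the 128-bit RC2/RC4 suite names out; DES and the EXP- suites in, since, as Lutz pointed out, the export RC4 is the same RC4 code with a shorter effective key, so the RC4 and RC2 symbols themselves have to stay.

```python
"""Audit a built library for residual references to algorithms that were
meant to be compiled out, as a repeatable version of
`strings libcrypto.so | grep -i aes`.  Added example, not code from the
thread or from OpenSSL.  SAMPLE_BINARY is constructed; the forbidden-name
rules are an assumption for the DES-only build discussed in the thread."""
from __future__ import annotations

import re
from pathlib import Path

# Algorithm families that must not appear at all in a DES-only build
# (assumption: AES, Camellia, IDEA and triple DES).  Matched anywhere in a
# string, case-insensitively, so mode names like "AES-128-CBC" and symbols
# like "DES_ede3_cbc_encrypt" are both caught.
FORBIDDEN_FAMILIES = re.compile(r"(?i)\b(aes|camellia|idea|des[-_]?ede|3des)")

# Full-strength suite names whose cipher code must stay because the export
# suites reuse it (RC4, RC2, single DES).  These are matched exactly, not by
# substring: "EXP-RC4-MD5" must pass while "RC4-MD5" must not.
FORBIDDEN_SUITES = frozenset({
    "RC4-MD5", "RC4-SHA", "RC2-CBC-MD5",
    "DES-CBC3-SHA", "DES-CBC3-MD5",
    "EDH-RSA-DES-CBC3-SHA", "EDH-DSS-DES-CBC3-SHA",
})


def extract_strings(blob: bytes, min_len: int = 4) -> list[str]:
    """Runs of printable ASCII of at least min_len bytes, like strings(1)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(blob)]


def is_forbidden(s: str) -> bool:
    """True if the string names something the build was supposed to drop."""
    return s in FORBIDDEN_SUITES or FORBIDDEN_FAMILIES.search(s) is not None


def residual_refs(blob: bytes) -> list[str]:
    """Sorted, de-duplicated strings in blob that name dropped algorithms.
    An empty list is the pass condition for the build."""
    return sorted({s for s in extract_strings(blob) if is_forbidden(s)})


def audit_file(path: str) -> list[str]:
    """Same check against a real artifact, e.g.
    audit_file('/usr/lib/libcrypto.so.0.9.8')."""
    return residual_refs(Path(path).read_bytes())


# Constructed stand-in for a partially stripped libcrypto: an ELF-looking
# header followed by NUL-separated names such as a real .so would carry.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"\x00".join([
        b"DES-CBC-SHA", b"EXP-DES-CBC-SHA", b"EXP-RC4-MD5", b"EXP-RC2-CBC-MD5",
        b"RC4-MD5",                     # 128-bit RC4 suite that was meant to go
        b"AES-128-CBC", b"aes_core.c",  # AES leftovers, like the grep hit above
        b"DES_ede3_cbc_encrypt",        # triple DES symbol
        b"DES_ncbc_encrypt", b"RC4_set_key", b"RC2_set_key",
        b"RSA_public_encrypt",
    ])
    + b"\x00\x90\x90\xc3"
)

if __name__ == "__main__":
    for name in residual_refs(SAMPLE_BINARY):
        print("residual:", name)
```

The family regex is deliberately loose (it will also flag a file name such as aes_core.c, which is exactly the kind of leftover a reviewer greps for), while the suite list is deliberately exact, because a substring rule for RC4 or RC2 would either miss the 128-bit suites or condemn the export ones you are keeping.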
Re: DES-only OpenSSL version: technical aspects

Fred,
You're welcome. Best of luck with your Canadian government, er, friends. ;-)

Ger

BTW: nitpicking my own text there: it was restricted to 56 bits tops back then. Irrelevant though.

On Tue, Aug 19, 2008 at 2:53 PM, Fred Picher <frederificc@...> wrote:
> --- On Fri, 8/15/08, Ger Hobbelt <ger@...> wrote:
>
>> Ahh... This brings back memories... I had to do the same
>> 'selective compilation' back before 2000 when the USA would
>> prohibit cipher export at 128 bit and beyond unless you had a
>> specific license.
>
> Ger,
>
> Many thanks for taking the time to reply in such detail.
> Lutz's solution works, but when searching for text in the object