diff options
| author | jsing <> | 2018-09-03 17:41:13 +0000 |
|---|---|---|
| committer | jsing <> | 2018-09-03 17:41:13 +0000 |
| commit | 209597a55238d18f26193baa01019c0ccd316df1 (patch) | |
| tree | 9312c5bbc5bfebcc47adb7f5ed62cabcd6f01798 | |
| parent | 74037cfe0b7a39300c5c6c415eb6c7ddfac20ad1 (diff) | |
| download | openbsd-209597a55238d18f26193baa01019c0ccd316df1.tar.gz openbsd-209597a55238d18f26193baa01019c0ccd316df1.tar.bz2 openbsd-209597a55238d18f26193baa01019c0ccd316df1.zip | |
Clean up SSL_DES and SSL_IDEA remnants.
All ciphersuites that used these encryption algorithms were removed some
time ago.
ok bcook@ inoguchi@ tb@
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 54 |
1 files changed, 13 insertions, 41 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index cd0e9b0ad6..c39ac302bd 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_ciph.c,v 1.99 2018/04/25 07:10:39 tb Exp $ */ | 1 | /* $OpenBSD: ssl_ciph.c,v 1.100 2018/09/03 17:41:13 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -150,23 +150,20 @@ | |||
| 150 | 150 | ||
| 151 | #include "ssl_locl.h" | 151 | #include "ssl_locl.h" |
| 152 | 152 | ||
| 153 | #define SSL_ENC_DES_IDX 0 | 153 | #define SSL_ENC_3DES_IDX 0 |
| 154 | #define SSL_ENC_3DES_IDX 1 | 154 | #define SSL_ENC_RC4_IDX 1 |
| 155 | #define SSL_ENC_RC4_IDX 2 | 155 | #define SSL_ENC_NULL_IDX 2 |
| 156 | #define SSL_ENC_IDEA_IDX 3 | 156 | #define SSL_ENC_AES128_IDX 3 |
| 157 | #define SSL_ENC_NULL_IDX 4 | 157 | #define SSL_ENC_AES256_IDX 4 |
| 158 | #define SSL_ENC_AES128_IDX 5 | 158 | #define SSL_ENC_CAMELLIA128_IDX 5 |
| 159 | #define SSL_ENC_AES256_IDX 6 | 159 | #define SSL_ENC_CAMELLIA256_IDX 6 |
| 160 | #define SSL_ENC_CAMELLIA128_IDX 7 | 160 | #define SSL_ENC_GOST89_IDX 7 |
| 161 | #define SSL_ENC_CAMELLIA256_IDX 8 | 161 | #define SSL_ENC_AES128GCM_IDX 8 |
| 162 | #define SSL_ENC_GOST89_IDX 9 | 162 | #define SSL_ENC_AES256GCM_IDX 9 |
| 163 | #define SSL_ENC_AES128GCM_IDX 10 | 163 | #define SSL_ENC_NUM_IDX 10 |
| 164 | #define SSL_ENC_AES256GCM_IDX 11 | ||
| 165 | #define SSL_ENC_NUM_IDX 12 | ||
| 166 | |||
| 167 | 164 | ||
| 168 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { | 165 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { |
| 169 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | 166 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL |
| 170 | }; | 167 | }; |
| 171 | 168 | ||
| 172 | #define SSL_MD_MD5_IDX 0 | 169 | #define SSL_MD_MD5_IDX 0 |
| @@ -339,10 +336,6 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 339 | 336 | ||
| 340 | /* symmetric encryption aliases */ | 337 | /* symmetric encryption aliases */ |
| 341 | { | 338 | { |
| 342 | .name = SSL_TXT_DES, | ||
| 343 | .algorithm_enc = SSL_DES, | ||
| 344 | }, | ||
| 345 | { | ||
| 346 | .name = SSL_TXT_3DES, | 339 | .name = SSL_TXT_3DES, |
| 347 | .algorithm_enc = SSL_3DES, | 340 | .algorithm_enc = SSL_3DES, |
| 348 | }, | 341 | }, |
| @@ -351,10 +344,6 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 351 | .algorithm_enc = SSL_RC4, | 344 | .algorithm_enc = SSL_RC4, |
| 352 | }, | 345 | }, |
| 353 | { | 346 | { |
| 354 | .name = SSL_TXT_IDEA, | ||
| 355 | .algorithm_enc = SSL_IDEA, | ||
| 356 | }, | ||
| 357 | { | ||
| 358 | .name = SSL_TXT_eNULL, | 347 | .name = SSL_TXT_eNULL, |
| 359 | .algorithm_enc = SSL_eNULL, | 348 | .algorithm_enc = SSL_eNULL, |
| 360 | }, | 349 | }, |
| @@ -461,13 +450,10 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 461 | void | 450 | void |
| 462 | ssl_load_ciphers(void) | 451 | ssl_load_ciphers(void) |
| 463 | { | 452 | { |
| 464 | ssl_cipher_methods[SSL_ENC_DES_IDX] = | ||
| 465 | EVP_get_cipherbyname(SN_des_cbc); | ||
| 466 | ssl_cipher_methods[SSL_ENC_3DES_IDX] = | 453 | ssl_cipher_methods[SSL_ENC_3DES_IDX] = |
| 467 | EVP_get_cipherbyname(SN_des_ede3_cbc); | 454 | EVP_get_cipherbyname(SN_des_ede3_cbc); |
| 468 | ssl_cipher_methods[SSL_ENC_RC4_IDX] = | 455 | ssl_cipher_methods[SSL_ENC_RC4_IDX] = |
| 469 | EVP_get_cipherbyname(SN_rc4); | 456 | EVP_get_cipherbyname(SN_rc4); |
| 470 | ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL; | ||
| 471 | ssl_cipher_methods[SSL_ENC_AES128_IDX] = | 457 | ssl_cipher_methods[SSL_ENC_AES128_IDX] = |
| 472 | EVP_get_cipherbyname(SN_aes_128_cbc); | 458 | EVP_get_cipherbyname(SN_aes_128_cbc); |
| 473 | ssl_cipher_methods[SSL_ENC_AES256_IDX] = | 459 | ssl_cipher_methods[SSL_ENC_AES256_IDX] = |
| @@ -543,18 +529,12 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 543 | return (0); | 529 | return (0); |
| 544 | 530 | ||
| 545 | switch (c->algorithm_enc) { | 531 | switch (c->algorithm_enc) { |
| 546 | case SSL_DES: | ||
| 547 | i = SSL_ENC_DES_IDX; | ||
| 548 | break; | ||
| 549 | case SSL_3DES: | 532 | case SSL_3DES: |
| 550 | i = SSL_ENC_3DES_IDX; | 533 | i = SSL_ENC_3DES_IDX; |
| 551 | break; | 534 | break; |
| 552 | case SSL_RC4: | 535 | case SSL_RC4: |
| 553 | i = SSL_ENC_RC4_IDX; | 536 | i = SSL_ENC_RC4_IDX; |
| 554 | break; | 537 | break; |
| 555 | case SSL_IDEA: | ||
| 556 | i = SSL_ENC_IDEA_IDX; | ||
| 557 | break; | ||
| 558 | case SSL_eNULL: | 538 | case SSL_eNULL: |
| 559 | i = SSL_ENC_NULL_IDX; | 539 | i = SSL_ENC_NULL_IDX; |
| 560 | break; | 540 | break; |
| @@ -787,10 +767,8 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, | |||
| 787 | *enc |= SSL_eNULL; | 767 | *enc |= SSL_eNULL; |
| 788 | #endif | 768 | #endif |
| 789 | 769 | ||
| 790 | *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES : 0; | ||
| 791 | *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0; | 770 | *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0; |
| 792 | *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0; | 771 | *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0; |
| 793 | *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0; | ||
| 794 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; | 772 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; |
| 795 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; | 773 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; |
| 796 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM : 0; | 774 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM : 0; |
| @@ -1585,18 +1563,12 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1585 | } | 1563 | } |
| 1586 | 1564 | ||
| 1587 | switch (alg_enc) { | 1565 | switch (alg_enc) { |
| 1588 | case SSL_DES: | ||
| 1589 | enc = "DES(56)"; | ||
| 1590 | break; | ||
| 1591 | case SSL_3DES: | 1566 | case SSL_3DES: |
| 1592 | enc = "3DES(168)"; | 1567 | enc = "3DES(168)"; |
| 1593 | break; | 1568 | break; |
| 1594 | case SSL_RC4: | 1569 | case SSL_RC4: |
| 1595 | enc = alg2 & SSL2_CF_8_BYTE_ENC ? "RC4(64)" : "RC4(128)"; | 1570 | enc = alg2 & SSL2_CF_8_BYTE_ENC ? "RC4(64)" : "RC4(128)"; |
| 1596 | break; | 1571 | break; |
| 1597 | case SSL_IDEA: | ||
| 1598 | enc = "IDEA(128)"; | ||
| 1599 | break; | ||
| 1600 | case SSL_eNULL: | 1572 | case SSL_eNULL: |
| 1601 | enc = "None"; | 1573 | enc = "None"; |
| 1602 | break; | 1574 | break; |