summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_ciph.c
diff options
context:
space:
mode:
authorjsing <>2017-08-28 16:37:04 +0000
committerjsing <>2017-08-28 16:37:04 +0000
commit06777404d5d3c9d777364d633ff082f434d357d5 (patch)
tree7a497786c0d665cfdd18ae5f1a51814d2866dc5d /src/lib/libssl/ssl_ciph.c
parent25258122ceacc0befc2dd3c6150cc89fd6c00a7a (diff)
downloadopenbsd-06777404d5d3c9d777364d633ff082f434d357d5.tar.gz
openbsd-06777404d5d3c9d777364d633ff082f434d357d5.tar.bz2
openbsd-06777404d5d3c9d777364d633ff082f434d357d5.zip
Remove the original (pre-IETF) chacha20-poly1305 cipher suites.
Support for the IETF standardised chacha20-poly1305 cipher suites was added 16 months ago, which means they exist in both of the currently supported OpenBSD releases. Also prompted by Andreas Bartelt <obsd at bartula dot de>. ok beck@ doug@
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
-rw-r--r--src/lib/libssl/ssl_ciph.c14
1 files changed, 2 insertions, 12 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 49af292d6c..f30ffeaf2c 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_ciph.c,v 1.96 2017/03/10 16:03:27 jsing Exp $ */ 1/* $OpenBSD: ssl_ciph.c,v 1.97 2017/08/28 16:37:04 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -388,7 +388,7 @@ static const SSL_CIPHER cipher_aliases[] = {
388 }, 388 },
389 { 389 {
390 .name = SSL_TXT_CHACHA20, 390 .name = SSL_TXT_CHACHA20,
391 .algorithm_enc = SSL_CHACHA20POLY1305|SSL_CHACHA20POLY1305_OLD, 391 .algorithm_enc = SSL_CHACHA20POLY1305,
392 }, 392 },
393 393
394 /* MAC aliases */ 394 /* MAC aliases */
@@ -690,9 +690,6 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
690 case SSL_CHACHA20POLY1305: 690 case SSL_CHACHA20POLY1305:
691 *aead = EVP_aead_chacha20_poly1305(); 691 *aead = EVP_aead_chacha20_poly1305();
692 return 1; 692 return 1;
693 case SSL_CHACHA20POLY1305_OLD:
694 *aead = EVP_aead_chacha20_poly1305_old();
695 return 1;
696 default: 693 default:
697 break; 694 break;
698 } 695 }
@@ -1394,8 +1391,6 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1394 CIPHER_ADD, -1, &head, &tail); 1391 CIPHER_ADD, -1, &head, &tail);
1395 ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 1392 ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305,
1396 0, 0, 0, CIPHER_ADD, -1, &head, &tail); 1393 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1397 ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305_OLD,
1398 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1399 } else { 1394 } else {
1400 /* 1395 /*
1401 * CHACHA20 is fast and safe on all hardware and is thus our 1396 * CHACHA20 is fast and safe on all hardware and is thus our
@@ -1403,8 +1398,6 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1403 */ 1398 */
1404 ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 1399 ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305,
1405 0, 0, 0, CIPHER_ADD, -1, &head, &tail); 1400 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1406 ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305_OLD,
1407 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1408 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, 1401 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
1409 CIPHER_ADD, -1, &head, &tail); 1402 CIPHER_ADD, -1, &head, &tail);
1410 } 1403 }
@@ -1628,9 +1621,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1628 case SSL_CHACHA20POLY1305: 1621 case SSL_CHACHA20POLY1305:
1629 enc = "ChaCha20-Poly1305"; 1622 enc = "ChaCha20-Poly1305";
1630 break; 1623 break;
1631 case SSL_CHACHA20POLY1305_OLD:
1632 enc = "ChaCha20-Poly1305-Old";
1633 break;
1634 case SSL_eGOST2814789CNT: 1624 case SSL_eGOST2814789CNT:
1635 enc = "GOST-28178-89-CNT"; 1625 enc = "GOST-28178-89-CNT";
1636 break; 1626 break;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-25 18:05:18 +0000