Remove the single IDEA cipher suite. There is no good reason to support

this. ok beck@ bcook@
author: jsing <> 2016-11-06 12:08:32 +0000
committer: jsing <> 2016-11-06 12:08:32 +0000
commit: 20df299cfb457c41a3850f33fcffd5435b0d9e30 (patch)
tree: fc9a0929d6fc3dd82787f0e710b8ad54d4336857 /src
parent: 1f419baa376aacc25d2b1c778bc2edb8540c1068 (diff)
download: openbsd-20df299cfb457c41a3850f33fcffd5435b0d9e30.tar.gz
openbsd-20df299cfb457c41a3850f33fcffd5435b0d9e30.tar.bz2
openbsd-20df299cfb457c41a3850f33fcffd5435b0d9e30.zip
3 files changed, 3 insertions, 29 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 6c4383fb22..8a7a98507a 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.110 2016/11/06 11:58:13 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.111 2016/11/06 12:08:32 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -234,24 +234,6 @@ SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 128,
        },
-        /* Cipher 07 */
-#ifndef OPENSSL_NO_IDEA
-        {
-                .valid = 1,
-                .name = SSL3_TXT_RSA_IDEA_128_SHA,
-                .id = SSL3_CK_RSA_IDEA_128_SHA,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_IDEA,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_MEDIUM,
-                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-#endif
        /* Cipher 09 */
        {
                .valid = 1,
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
index 3010a735c9..ee1919c725 100644
--- a/src/lib/libssl/ssl_algs.c
+++ b/src/lib/libssl/ssl_algs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_algs.c,v 1.22 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: ssl_algs.c,v 1.23 2016/11/06 12:08:32 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -71,9 +71,6 @@ SSL_library_init(void)
        EVP_add_cipher(EVP_des_cbc());
        EVP_add_cipher(EVP_des_ede3_cbc());
 #endif
-#ifndef OPENSSL_NO_IDEA
-        EVP_add_cipher(EVP_idea_cbc());
-#endif
 #ifndef OPENSSL_NO_RC4
        EVP_add_cipher(EVP_rc4());
 #if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__))
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 2921933c28..af5c83fcaf 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.88 2016/11/06 11:58:13 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.89 2016/11/06 12:08:32 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -479,12 +479,7 @@ ssl_load_ciphers(void)
            EVP_get_cipherbyname(SN_des_ede3_cbc);
        ssl_cipher_methods[SSL_ENC_RC4_IDX] =
            EVP_get_cipherbyname(SN_rc4);
-#ifndef OPENSSL_NO_IDEA
-        ssl_cipher_methods[SSL_ENC_IDEA_IDX] =
-            EVP_get_cipherbyname(SN_idea_cbc);
-#else
        ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL;
-#endif
        ssl_cipher_methods[SSL_ENC_AES128_IDX] =
            EVP_get_cipherbyname(SN_aes_128_cbc);
        ssl_cipher_methods[SSL_ENC_AES256_IDX] =
author	jsing <>	2016-11-06 12:08:32 +0000
committer	jsing <>	2016-11-06 12:08:32 +0000
commit	20df299cfb457c41a3850f33fcffd5435b0d9e30 (patch)
tree	fc9a0929d6fc3dd82787f0e710b8ad54d4336857 /src
parent	1f419baa376aacc25d2b1c778bc2edb8540c1068 (diff)
download	openbsd-20df299cfb457c41a3850f33fcffd5435b0d9e30.tar.gz openbsd-20df299cfb457c41a3850f33fcffd5435b0d9e30.tar.bz2 openbsd-20df299cfb457c41a3850f33fcffd5435b0d9e30.zip