1 files changed, 3 insertions, 59 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 9df4f8a0c9..a2dec527ca 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.64 2014/07/12 07:52:36 guenther Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.65 2014/07/12 13:11:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -273,11 +273,6 @@ static const SSL_CIPHER cipher_aliases[] = {
        },
        
        {
-                .name = SSL_TXT_kKRB5,
-                .algorithm_mkey = SSL_kKRB5,
-        },
-        
-        {
                .name = SSL_TXT_kECDHr,
                .algorithm_mkey = SSL_kECDHr,
        },
@@ -299,14 +294,6 @@ static const SSL_CIPHER cipher_aliases[] = {
        },
        
        {
-                .name = SSL_TXT_kPSK,
-                .algorithm_mkey = SSL_kPSK,
-        },
-        {
-                .name = SSL_TXT_kSRP,
-                .algorithm_mkey = SSL_kSRP,
-        },
-        {
                .name = SSL_TXT_kGOST,
                .algorithm_mkey = SSL_kGOST,
        },
@@ -325,10 +312,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                .algorithm_auth = SSL_aDSS,
        },
        {
-                .name = SSL_TXT_aKRB5,
-                .algorithm_auth = SSL_aKRB5,
-        },
-        {
                .name = SSL_TXT_aNULL,
                .algorithm_auth = SSL_aNULL,
        },
@@ -350,10 +333,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                .algorithm_auth = SSL_aECDSA,
        },
        {
-                .name = SSL_TXT_aPSK,
-                .algorithm_auth = SSL_aPSK,
-        },
-        {
                .name = SSL_TXT_aGOST94,
                .algorithm_auth = SSL_aGOST94,
        },
@@ -382,11 +361,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                .algorithm_enc = SSL_eNULL,
        },
        {
-                .name = SSL_TXT_KRB5,
-                .algorithm_mkey = SSL_kKRB5,
-                .algorithm_auth = SSL_aKRB5,
-        },
-        {
                .name = SSL_TXT_RSA,
                .algorithm_mkey = SSL_kRSA,
                .algorithm_auth = SSL_aRSA,
@@ -401,16 +375,7 @@ static const SSL_CIPHER cipher_aliases[] = {
                .algorithm_mkey = SSL_kEECDH,
                .algorithm_auth = SSL_aNULL,
        },
-        {
-                .name = SSL_TXT_PSK,
-                .algorithm_mkey = SSL_kPSK,
-                .algorithm_auth = SSL_aPSK,
-        },
-        {
-                .name = SSL_TXT_SRP,
-                .algorithm_mkey = SSL_kSRP,
-        },
-        
        /* symmetric encryption aliases */
        {
                .name = SSL_TXT_DES,
@@ -881,11 +846,7 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long
        *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
        *auth |= SSL_aDH;
-        *mkey |= SSL_kKRB5;
-        *auth |= SSL_aKRB5;
-        *mkey |= SSL_kPSK;
-        *auth |= SSL_aPSK;
-        *mkey |= SSL_kSRP;
        /* Check for presence of GOST 34.10 algorithms, and if they
         * do not present, disable  appropriate auth and key exchange */
        if (!get_optional_pkey_id("gost94")) {
@@ -1515,8 +1476,6 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
        /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
        ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
-        ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
-        ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
        /* RC4 is sort-of broken -- move the the end */
        ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
@@ -1650,9 +1609,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_kDHd:
                kx = "DH/DSS";
                break;
-        case SSL_kKRB5:
-                kx = "KRB5";
-                break;
        case SSL_kEDH:
                kx = "DH";
                break;
@@ -1665,12 +1621,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_kEECDH:
                kx = "ECDH";
                break;
-        case SSL_kPSK:
-                kx = "PSK";
-                break;
-        case SSL_kSRP:
-                kx = "SRP";
-                break;
        default:
                kx = "unknown";
        }
@@ -1685,9 +1635,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_aDH:
                au = "DH";
                break;
-        case SSL_aKRB5:
-                au = "KRB5";
-                break;
        case SSL_aECDH:
                au = "ECDH";
                break;
@@ -1697,9 +1644,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_aECDSA:
                au = "ECDSA";
                break;
-        case SSL_aPSK:
-                au = "PSK";
-                break;
        default:
                au = "unknown";
                break;

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 9df4f8a0c9..a2dec527ca 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_ciph.c,v 1.64 2014/07/12 07:52:36 guenther Exp $ */	1	/* $OpenBSD: ssl_ciph.c,v 1.65 2014/07/12 13:11:53 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -273,11 +273,6 @@ static const SSL_CIPHER cipher_aliases[] = {
273	},	273	},
274		274
275	{	275	{
276	.name = SSL_TXT_kKRB5,
277	.algorithm_mkey = SSL_kKRB5,
278	},
279
280	{
281	.name = SSL_TXT_kECDHr,	276	.name = SSL_TXT_kECDHr,
282	.algorithm_mkey = SSL_kECDHr,	277	.algorithm_mkey = SSL_kECDHr,
283	},	278	},
@@ -299,14 +294,6 @@ static const SSL_CIPHER cipher_aliases[] = {
299	},	294	},
300		295
301	{	296	{
302	.name = SSL_TXT_kPSK,
303	.algorithm_mkey = SSL_kPSK,
304	},
305	{
306	.name = SSL_TXT_kSRP,
307	.algorithm_mkey = SSL_kSRP,
308	},
309	{
310	.name = SSL_TXT_kGOST,	297	.name = SSL_TXT_kGOST,
311	.algorithm_mkey = SSL_kGOST,	298	.algorithm_mkey = SSL_kGOST,
312	},	299	},
@@ -325,10 +312,6 @@ static const SSL_CIPHER cipher_aliases[] = {
325	.algorithm_auth = SSL_aDSS,	312	.algorithm_auth = SSL_aDSS,
326	},	313	},
327	{	314	{
328	.name = SSL_TXT_aKRB5,
329	.algorithm_auth = SSL_aKRB5,
330	},
331	{
332	.name = SSL_TXT_aNULL,	315	.name = SSL_TXT_aNULL,
333	.algorithm_auth = SSL_aNULL,	316	.algorithm_auth = SSL_aNULL,
334	},	317	},
@@ -350,10 +333,6 @@ static const SSL_CIPHER cipher_aliases[] = {
350	.algorithm_auth = SSL_aECDSA,	333	.algorithm_auth = SSL_aECDSA,
351	},	334	},
352	{	335	{
353	.name = SSL_TXT_aPSK,
354	.algorithm_auth = SSL_aPSK,
355	},
356	{
357	.name = SSL_TXT_aGOST94,	336	.name = SSL_TXT_aGOST94,
358	.algorithm_auth = SSL_aGOST94,	337	.algorithm_auth = SSL_aGOST94,
359	},	338	},
@@ -382,11 +361,6 @@ static const SSL_CIPHER cipher_aliases[] = {
382	.algorithm_enc = SSL_eNULL,	361	.algorithm_enc = SSL_eNULL,
383	},	362	},
384	{	363	{
385	.name = SSL_TXT_KRB5,
386	.algorithm_mkey = SSL_kKRB5,
387	.algorithm_auth = SSL_aKRB5,
388	},
389	{
390	.name = SSL_TXT_RSA,	364	.name = SSL_TXT_RSA,
391	.algorithm_mkey = SSL_kRSA,	365	.algorithm_mkey = SSL_kRSA,
392	.algorithm_auth = SSL_aRSA,	366	.algorithm_auth = SSL_aRSA,
@@ -401,16 +375,7 @@ static const SSL_CIPHER cipher_aliases[] = {
401	.algorithm_mkey = SSL_kEECDH,	375	.algorithm_mkey = SSL_kEECDH,
402	.algorithm_auth = SSL_aNULL,	376	.algorithm_auth = SSL_aNULL,
403	},	377	},
404	{	378
405	.name = SSL_TXT_PSK,
406	.algorithm_mkey = SSL_kPSK,
407	.algorithm_auth = SSL_aPSK,
408	},
409	{
410	.name = SSL_TXT_SRP,
411	.algorithm_mkey = SSL_kSRP,
412	},
413
414	/* symmetric encryption aliases */	379	/* symmetric encryption aliases */
415	{	380	{
416	.name = SSL_TXT_DES,	381	.name = SSL_TXT_DES,
@@ -881,11 +846,7 @@ ssl_cipher_get_disabled(unsigned long mkey, unsigned long auth, unsigned long
881		846
882	mkey \|= SSL_kDHr\|SSL_kDHd; / no such ciphersuites supported! */	847	mkey \|= SSL_kDHr\|SSL_kDHd; / no such ciphersuites supported! */
883	*auth \|= SSL_aDH;	848	*auth \|= SSL_aDH;
884	*mkey \|= SSL_kKRB5;	849
885	*auth \|= SSL_aKRB5;
886	*mkey \|= SSL_kPSK;
887	*auth \|= SSL_aPSK;
888	*mkey \|= SSL_kSRP;
889	/* Check for presence of GOST 34.10 algorithms, and if they	850	/* Check for presence of GOST 34.10 algorithms, and if they
890	* do not present, disable appropriate auth and key exchange */	851	* do not present, disable appropriate auth and key exchange */
891	if (!get_optional_pkey_id("gost94")) {	852	if (!get_optional_pkey_id("gost94")) {
@@ -1515,8 +1476,6 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1515	ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);	1476	ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1516	/* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */	1477	/* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
1517	ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);	1478	ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1518	ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1519	ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1520		1479
1521	/* RC4 is sort-of broken -- move the the end */	1480	/* RC4 is sort-of broken -- move the the end */
1522	ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);	1481	ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
@@ -1650,9 +1609,6 @@ SSL_CIPHER_description(const SSL_CIPHER cipher, char buf, int len)
1650	case SSL_kDHd:	1609	case SSL_kDHd:
1651	kx = "DH/DSS";	1610	kx = "DH/DSS";
1652	break;	1611	break;
1653	case SSL_kKRB5:
1654	kx = "KRB5";
1655	break;
1656	case SSL_kEDH:	1612	case SSL_kEDH:
1657	kx = "DH";	1613	kx = "DH";
1658	break;	1614	break;
@@ -1665,12 +1621,6 @@ SSL_CIPHER_description(const SSL_CIPHER cipher, char buf, int len)
1665	case SSL_kEECDH:	1621	case SSL_kEECDH:
1666	kx = "ECDH";	1622	kx = "ECDH";
1667	break;	1623	break;
1668	case SSL_kPSK:
1669	kx = "PSK";
1670	break;
1671	case SSL_kSRP:
1672	kx = "SRP";
1673	break;
1674	default:	1624	default:
1675	kx = "unknown";	1625	kx = "unknown";
1676	}	1626	}
@@ -1685,9 +1635,6 @@ SSL_CIPHER_description(const SSL_CIPHER cipher, char buf, int len)
1685	case SSL_aDH:	1635	case SSL_aDH:
1686	au = "DH";	1636	au = "DH";
1687	break;	1637	break;
1688	case SSL_aKRB5:
1689	au = "KRB5";
1690	break;
1691	case SSL_aECDH:	1638	case SSL_aECDH:
1692	au = "ECDH";	1639	au = "ECDH";
1693	break;	1640	break;
@@ -1697,9 +1644,6 @@ SSL_CIPHER_description(const SSL_CIPHER cipher, char buf, int len)
1697	case SSL_aECDSA:	1644	case SSL_aECDSA:
1698	au = "ECDSA";	1645	au = "ECDSA";
1699	break;	1646	break;
1700	case SSL_aPSK:
1701	au = "PSK";
1702	break;
1703	default:	1647	default:
1704	au = "unknown";	1648	au = "unknown";
1705	break;	1649	break;