From 20df299cfb457c41a3850f33fcffd5435b0d9e30 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sun, 6 Nov 2016 12:08:32 +0000 Subject: Remove the single IDEA cipher suite. There is no good reason to support this. ok beck@ bcook@ --- src/lib/libssl/s3_lib.c | 20 +------------------- src/lib/libssl/ssl_algs.c | 5 +---- src/lib/libssl/ssl_ciph.c | 7 +------ 3 files changed, 3 insertions(+), 29 deletions(-) diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 6c4383fb22..8a7a98507a 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.110 2016/11/06 11:58:13 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.111 2016/11/06 12:08:32 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -234,24 +234,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 128, }, - /* Cipher 07 */ -#ifndef OPENSSL_NO_IDEA - { - .valid = 1, - .name = SSL3_TXT_RSA_IDEA_128_SHA, - .id = SSL3_CK_RSA_IDEA_128_SHA, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_IDEA, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_MEDIUM, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 128, - .alg_bits = 128, - }, -#endif - /* Cipher 09 */ { .valid = 1, diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c index 3010a735c9..ee1919c725 100644 --- a/src/lib/libssl/ssl_algs.c +++ b/src/lib/libssl/ssl_algs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_algs.c,v 1.22 2014/12/14 15:30:50 jsing Exp $ */ +/* $OpenBSD: ssl_algs.c,v 1.23 2016/11/06 12:08:32 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,9 +71,6 @@ SSL_library_init(void) EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_des_ede3_cbc()); #endif -#ifndef OPENSSL_NO_IDEA - EVP_add_cipher(EVP_idea_cbc()); -#endif #ifndef OPENSSL_NO_RC4 EVP_add_cipher(EVP_rc4()); #if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__)) diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 2921933c28..af5c83fcaf 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.88 2016/11/06 11:58:13 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.89 2016/11/06 12:08:32 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -479,12 +479,7 @@ ssl_load_ciphers(void) EVP_get_cipherbyname(SN_des_ede3_cbc); ssl_cipher_methods[SSL_ENC_RC4_IDX] = EVP_get_cipherbyname(SN_rc4); -#ifndef OPENSSL_NO_IDEA - ssl_cipher_methods[SSL_ENC_IDEA_IDX] = - EVP_get_cipherbyname(SN_idea_cbc); -#else ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL; -#endif ssl_cipher_methods[SSL_ENC_AES128_IDX] = EVP_get_cipherbyname(SN_aes_128_cbc); ssl_cipher_methods[SSL_ENC_AES256_IDX] = -- cgit v1.2.3-55-g6feb