From 7d897a1bf2abab32f3e6200ee15930d68ae87ad6 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 16 Mar 2015 01:19:32 -1000 Subject: [PATCH] Replace RC4 in examples with AES-128-GCM. Avoiding superflous references to RC4 makes it easier to audit the code to find unsafe uses of it. It also avoids subtly encouraging users to choose RC4 instead of a better alternative. Change-Id: Ia27d7f4cd465e143d30a28b36c7871f7c30411ea Reviewed-on: https://boringssl-review.googlesource.com/3990 Reviewed-by: Adam Langley --- crypto/cipher/internal.h | 2 +- include/openssl/cipher.h | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/crypto/cipher/internal.h b/crypto/cipher/internal.h index b35064e5..e70d9cee 100644 --- a/crypto/cipher/internal.h +++ b/crypto/cipher/internal.h @@ -68,7 +68,7 @@ extern "C" { struct evp_cipher_st { - /* type contains a NID identifing the cipher. (For example, NID_rc4.) */ + /* type contains a NID identifing the cipher. (e.g. NID_aes_128_gcm.) */ int nid; /* block_size contains the block size, in bytes, of the cipher, or 1 for a diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h index 4bdda14c..61c73082 100644 --- a/include/openssl/cipher.h +++ b/include/openssl/cipher.h @@ -237,7 +237,8 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_CIPHER_CTX_cipher( const EVP_CIPHER_CTX *ctx); /* EVP_CIPHER_CTX_nid returns a NID identifying the |EVP_CIPHER| underlying - * |ctx| (e.g. |NID_rc4|). It will crash if no cipher has been configured. */ + * |ctx| (e.g. |NID_aes_128_gcm|). It will crash if no cipher has been + * configured. */ OPENSSL_EXPORT int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); /* EVP_CIPHER_CTX_block_size returns the block size, in bytes, of the cipher @@ -290,7 +291,7 @@ OPENSSL_EXPORT int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *ctx, unsigned k /* Cipher accessors. */ /* EVP_CIPHER_nid returns a NID identifing |cipher|. (For example, - * |NID_rc4|.) */ + * |NID_aes_128_gcm|.) */ OPENSSL_EXPORT int EVP_CIPHER_nid(const EVP_CIPHER *cipher); /* EVP_CIPHER_name returns the short name for |cipher| or NULL if no name is