diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 9ccb4459..40a1f63f 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -188,7 +188,6 @@ extern "C" { /* These are used to specify which ciphers to use and not to use */ -#define SSL_TXT_LOW "LOW" #define SSL_TXT_MEDIUM "MEDIUM" #define SSL_TXT_HIGH "HIGH" #define SSL_TXT_FIPS "FIPS" @@ -224,7 +223,6 @@ extern "C" { #define SSL_TXT_ECDSA "ECDSA" #define SSL_TXT_PSK "PSK" -#define SSL_TXT_DES "DES" #define SSL_TXT_3DES "3DES" #define SSL_TXT_RC4 "RC4" #define SSL_TXT_AES128 "AES128" diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 1cf01508..bd8761e8 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -200,22 +200,6 @@ const SSL_CIPHER ssl3_ciphers[]={ 128, }, -/* Cipher 09 */ - { - 1, - SSL3_TXT_RSA_DES_64_CBC_SHA, - SSL3_CK_RSA_DES_64_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - /* Cipher 0A */ { 1, @@ -232,74 +216,8 @@ const SSL_CIPHER ssl3_ciphers[]={ 168, }, -/* The DH ciphers */ - -/* Cipher 0C */ - { - 1, - SSL3_TXT_DH_DSS_DES_64_CBC_SHA, - SSL3_CK_DH_DSS_DES_64_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 0F */ - { - 1, - SSL3_TXT_DH_RSA_DES_64_CBC_SHA, - SSL3_CK_DH_RSA_DES_64_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - /* The Ephemeral DH ciphers */ -/* Cipher 12 */ - { - 1, - SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, - SSL3_CK_EDH_DSS_DES_64_CBC_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 15 */ - { - 1, - SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, - SSL3_CK_EDH_RSA_DES_64_CBC_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - /* Cipher 18 */ { 1, @@ -316,22 +234,6 @@ const SSL_CIPHER ssl3_ciphers[]={ 128, }, -/* Cipher 1A */ - { - 1, - SSL3_TXT_ADH_DES_64_CBC_SHA, - SSL3_CK_ADH_DES_64_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - /* New AES ciphersuites */ /* Cipher 2F */ { diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index b0fcb97f..4c4419d9 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -147,12 +147,11 @@ #include "ssl_locl.h" -#define SSL_ENC_DES_IDX 0 -#define SSL_ENC_3DES_IDX 1 -#define SSL_ENC_RC4_IDX 2 -#define SSL_ENC_AES128_IDX 3 -#define SSL_ENC_AES256_IDX 4 -#define SSL_ENC_NUM_IDX 5 +#define SSL_ENC_3DES_IDX 0 +#define SSL_ENC_RC4_IDX 1 +#define SSL_ENC_AES128_IDX 2 +#define SSL_ENC_AES256_IDX 3 +#define SSL_ENC_NUM_IDX 4 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]= { 0 }; @@ -239,7 +238,6 @@ static const SSL_CIPHER cipher_aliases[]={ /* symmetric encryption aliases */ - {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0}, {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0}, {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0}, {0,SSL_TXT_AES128,0, 0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0}, @@ -261,7 +259,6 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0}, /* strength classes */ - {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0}, {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0}, {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0}, /* FIPS 140-2 approved ciphersuite */ @@ -270,7 +267,6 @@ static const SSL_CIPHER cipher_aliases[]={ void ssl_load_ciphers(void) { - ssl_cipher_methods[SSL_ENC_DES_IDX]= EVP_des_cbc(); ssl_cipher_methods[SSL_ENC_3DES_IDX]= EVP_des_ede3_cbc(); ssl_cipher_methods[SSL_ENC_RC4_IDX]= EVP_rc4(); ssl_cipher_methods[SSL_ENC_AES128_IDX]= EVP_aes_128_cbc(); @@ -345,9 +341,6 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, switch (c->algorithm_enc) { - case SSL_DES: - i=SSL_ENC_DES_IDX; - break; case SSL_3DES: i=SSL_ENC_3DES_IDX; break; @@ -519,7 +512,6 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un - *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0; *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0; *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0; *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0; @@ -1467,9 +1459,6 @@ const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) switch (alg_enc) { - case SSL_DES: - enc="DES(56)"; - break; case SSL_3DES: enc="3DES(168)"; break; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index ff2c96f8..0f6cebc2 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -294,14 +294,13 @@ /* Bits for algorithm_enc (symmetric encryption) */ -#define SSL_DES 0x00000001L -#define SSL_3DES 0x00000002L -#define SSL_RC4 0x00000004L -#define SSL_AES128 0x00000008L -#define SSL_AES256 0x00000010L -#define SSL_AES128GCM 0x00000020L -#define SSL_AES256GCM 0x00000040L -#define SSL_CHACHA20POLY1305 0x00000080L +#define SSL_3DES 0x00000001L +#define SSL_RC4 0x00000002L +#define SSL_AES128 0x00000004L +#define SSL_AES256 0x00000008L +#define SSL_AES128GCM 0x00000010L +#define SSL_AES256GCM 0x00000020L +#define SSL_CHACHA20POLY1305 0x00000040L #define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM) @@ -372,7 +371,6 @@ #define SSL_NOT_EXP 0x00000001L -#define SSL_LOW 0x00000020L #define SSL_MEDIUM 0x00000040L #define SSL_HIGH 0x00000080L #define SSL_FIPS 0x00000100L