From 508ff7f6b4c038c017a7adaf8dd8cda3efe853ec Mon Sep 17 00:00:00 2001
From: Bernd Edlinger
Date: Fri, 5 Jan 2018 18:50:09 +0100
Subject: [PATCH] Stop using unimplemented cipher classes. Add comments to no longer usable ciphers. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5023) (cherry picked from commit 643d91fea409b0f010ce990f8f0fac234ae058bc)
---
 include/openssl/ssl.h | 16 ++++++++--------
 ssl/ssl_ciph.c | 4 ----
 test/recipes/80-test_ssl_old.t | 2 +-
 3 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 4e7f82f433..4cdcdcf38b 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -95,14 +95,14 @@ extern "C" {
 # define SSL_TXT_NULL "NULL"
 # define SSL_TXT_kRSA "kRSA"
-# define SSL_TXT_kDHr "kDHr"
-# define SSL_TXT_kDHd "kDHd"
-# define SSL_TXT_kDH "kDH"
+# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */
+# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */
+# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */
 # define SSL_TXT_kEDH "kEDH"/* alias for kDHE */
 # define SSL_TXT_kDHE "kDHE"
-# define SSL_TXT_kECDHr "kECDHr"
-# define SSL_TXT_kECDHe "kECDHe"
-# define SSL_TXT_kECDH "kECDH"
+# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */
+# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */
+# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */
 # define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */
 # define SSL_TXT_kECDHE "kECDHE"
 # define SSL_TXT_kPSK "kPSK"
@@ -114,8 +114,8 @@ extern "C" {
 # define SSL_TXT_aRSA "aRSA"
 # define SSL_TXT_aDSS "aDSS"
-# define SSL_TXT_aDH "aDH"
-# define SSL_TXT_aECDH "aECDH"
+# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */
 # define SSL_TXT_aECDSA "aECDSA"
 # define SSL_TXT_aPSK "aPSK"
 # define SSL_TXT_aGOST94 "aGOST94"
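Review bot: The added comment `/* this cipher class has been removed */` on `SSL_TXT_kDHr`, `SSL_TXT_kDHd`, `SSL_TXT_kDH`, `SSL_TXT_kECDHr`, `SSL_TXT_kECDHe` and `SSL_TXT_kECDH` (and on `SSL_TXT_aDH` and `SSL_TXT_aECDH` in the second hunk) does not say what a caller should expect when one of these strings still appears in a cipher list. The macros stay defined, so an application that relies on a rule such as `-kDH` or `!aECDH` as a hardening exclusion keeps compiling, and nothing visible here shows whether that rule is now rejected or quietly matches nothing. I would state it once above the group, for example `/* The classes marked removed match no cipher; the macros remain for source compatibility only. */`, once the parser's behaviour in ssl_ciph.c has been confirmed to be exactly that.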
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index da6e298435..4026d46536 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1384,10 +1384,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
 ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
- /*
- * ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1,
- * &head, &tail);
- */
 ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
 ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 1cce9fb540..97ef82189a 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -424,7 +424,7 @@ sub testssl {
 subtest "Testing ciphersuites" => sub {
 my @exkeys = ();
- my $ciphers = "-EXP:-PSK:-SRP:-kDH:-kECDHe";
+ my $ciphers = "-PSK:-SRP";
 if ($no_dh) {
 note "skipping DHE tests\n";
--
2.25.1
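Review bot: `-EXP` disappears from `$ciphers` together with `-kDH` and `-kECDHe`, but the commit message only covers unimplemented cipher classes, so the reason for dropping the export exclusion is not recorded anywhere in the test. Presumably export suites no longer exist on this branch and the rule was already a no-op; if so, a comment above the assignment such as `# EXP, kDH and kECDHe no longer select any cipher; only PSK and SRP need excluding` would keep a later reader from re-adding them or from assuming the exclusion was lost by accident. The subtest body that consumes `$ciphers` continues outside the hunk, so it is not visible here whether the resulting list is checked for unexpected weak suites.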