[openssl-commits] [openssl] master update

Wed Jan 28 02:01:08 UTC 2015

The branch master has been updated
       via  646e8c1d6b30a2ed080ce5b968b49d234b42644f (commit)
      from  1a5adcfb5edfe23908b350f8757df405b0f5f71f (commit)


- Log -----------------------------------------------------------------
commit 646e8c1d6b30a2ed080ce5b968b49d234b42644f
Author: Rich Salz <rsalz at openssl.org>
Date:   Tue Jan 27 21:00:03 2015 -0500

    Dead code removal: Fortezza identifiers
    
    Not interested in helping the NSA in the slightest.
    And anyway, it was never implemented, #if'd out.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 doc/apps/ciphers.pod |    5 -----
 ssl/s3_lib.c         |   51 --------------------------------------------------
 ssl/ssl.h            |    5 -----
 3 files changed, 61 deletions(-)

diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 5f8dac4..6d39c54 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -246,11 +246,6 @@ carry ECDH keys.
 cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA
 keys.
 
-=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA>
-
-ciphers suites using FORTEZZA key exchange, authentication, encryption or all
-FORTEZZA algorithms. Not implemented.
-
 =item B<TLSv1.2>, B<TLSv1>, B<SSLv3>
 
 TLS v1.2, TLS v1.0 or SSL v3.0 cipher suites respectively. Note:
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 508cf89..3a1377a 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -601,57 +601,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
      168,
      },
 
-/* Fortezza ciphersuite from SSL 3.0 spec */
-#if 0
-/* Cipher 1C */
-    {
-     0,
-     SSL3_TXT_FZA_DMS_NULL_SHA,
-     SSL3_CK_FZA_DMS_NULL_SHA,
-     SSL_kFZA,
-     SSL_aFZA,
-     SSL_eNULL,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-/* Cipher 1D */
-    {
-     0,
-     SSL3_TXT_FZA_DMS_FZA_SHA,
-     SSL3_CK_FZA_DMS_FZA_SHA,
-     SSL_kFZA,
-     SSL_aFZA,
-     SSL_eFZA,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-/* Cipher 1E */
-    {
-     0,
-     SSL3_TXT_FZA_DMS_RC4_SHA,
-     SSL3_CK_FZA_DMS_RC4_SHA,
-     SSL_kFZA,
-     SSL_aFZA,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-#endif
-
 #ifndef OPENSSL_NO_KRB5
 /* The Kerberos ciphers*/
 /* Cipher 1E */
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 86f2387..5622860 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -218,11 +218,6 @@ extern "C" {
 # define SSL_TXT_HIGH            "HIGH"
 # define SSL_TXT_FIPS            "FIPS"
 
-# define SSL_TXT_kFZA            "kFZA"/* unused! */
-# define SSL_TXT_aFZA            "aFZA"/* unused! */
-# define SSL_TXT_eFZA            "eFZA"/* unused! */
-# define SSL_TXT_FZA             "FZA"/* unused! */
-
 # define SSL_TXT_aNULL           "aNULL"
 # define SSL_TXT_eNULL           "eNULL"
 # define SSL_TXT_NULL            "NULL"
