crypto: Remove some unreachable algorithms

The tls_ciphers table contained a number of algorithms that weren't
referenced in tls_cipher_suites. Remove those. That includes
TLS_CIPHER_IDEA_CBC, which was probably always broken because it was
mapped to CRYPTO_CIPHER_NULL. It also removes RC2, which is an
export-only cipher, despite the file saying it doesn't bother with
exportable ciphers.

That, in turn, removes all references to CRYPTO_CIPHER_ALG_RC2, so
remove that too. The OpenSSL port of CRYPTO_CIPHER_ALG_RC2 probably
never worked anyway because it uses RC2 in ECB mode instead of CBC.

It's likely other removals are possible. tlsv1_common.c has single-DES
ciphers, but tlsv1_client.c and tlsv1_server.c only configure a much
smaller list. There's also a lot of code for TLS_KEY_X_DH_anon, but
those ciphers aren't configured. I've left those alone because I'm not
sure how all this code is used.

Signed-off-by: David Benjamin <davidben@google.com>

diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
index 0ac8fc19476aca127ff7a3f2aca3338feb4cc7bd..e6bc7bac3c3fa60838e8bbc8372c3d9a699a6162 100644 (file)
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
@@ -217,7 +217,7 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len);
 
 enum crypto_cipher_alg {
        CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES,
-       CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4
+       CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC4
 };
 
 struct crypto_cipher;

diff --git a/src/crypto/crypto_gnutls.c b/src/crypto/crypto_gnutls.c
index a7a163f5cb2a3bb35255adf48ec14d2d42f4ae57..524d1fe07904b3fea6fa7f978625f1ea04970229 100644 (file)
--- a/src/crypto/crypto_gnutls.c
+++ b/src/crypto/crypto_gnutls.c
@@ -439,14 +439,6 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
                res = gcry_cipher_open(&ctx->enc, a, GCRY_CIPHER_MODE_CBC, 0);
                gcry_cipher_open(&ctx->dec, a, GCRY_CIPHER_MODE_CBC, 0);
                break;
-       case CRYPTO_CIPHER_ALG_RC2:
-               if (key_len == 5)
-                       a = GCRY_CIPHER_RFC2268_40;
-               else
-                       a = GCRY_CIPHER_RFC2268_128;
-               res = gcry_cipher_open(&ctx->enc, a, GCRY_CIPHER_MODE_CBC, 0);
-               gcry_cipher_open(&ctx->dec, a, GCRY_CIPHER_MODE_CBC, 0);
-               break;
        default:
                os_free(ctx);
                return NULL;

diff --git a/src/crypto/crypto_libtomcrypt.c b/src/crypto/crypto_libtomcrypt.c
index fd79c1a40337ab10404dcb64cb1b4a9f7c2ef11e..b14e28260c28d85b8fb0ca21ab62782cab3739fa 100644 (file)
--- a/src/crypto/crypto_libtomcrypt.c
+++ b/src/crypto/crypto_libtomcrypt.c
@@ -315,9 +315,6 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
        case CRYPTO_CIPHER_ALG_DES:
                idx = find_cipher("des");
                break;
-       case CRYPTO_CIPHER_ALG_RC2:
-               idx = find_cipher("rc2");
-               break;
        case CRYPTO_CIPHER_ALG_RC4:
                idx = -1;
                rc4 = 1;

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index d99572ec0d60b274cbcf774a044a197c2fdd29a2..dad48e046130eeb6852087c895d890d107ddd72a 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -961,11 +961,6 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
                cipher = EVP_des_cbc();
                break;
 #endif /* OPENSSL_NO_DES */
-#ifndef OPENSSL_NO_RC2
-       case CRYPTO_CIPHER_ALG_RC2:
-               cipher = EVP_rc2_ecb();
-               break;
-#endif /* OPENSSL_NO_RC2 */
 #ifndef OPENSSL_NO_NULL
        case CRYPTO_CIPHER_NULL:
                cipher = EVP_enc_null();

diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index 7a91202ee68369ea217dca884433479c9fa86172..d2541fde517306d9f91801979a21fcac22feec8a 100644 (file)
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -822,7 +822,6 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
                }
                break;
 #endif /* NO_DES3 */
-       case CRYPTO_CIPHER_ALG_RC2:
        case CRYPTO_CIPHER_ALG_DES:
        default:
                os_free(ctx);

diff --git a/src/tls/tlsv1_common.c b/src/tls/tlsv1_common.c
index 0dd8e279994f3d13be9298a34d14721c26fb7e63..c675d02eb232b1c64a56cf96c1d840afc2e3f5cd 100644 (file)
--- a/src/tls/tlsv1_common.c
+++ b/src/tls/tlsv1_common.c
@@ -76,16 +76,8 @@ static const struct tls_cipher_suite tls_cipher_suites[] = {
 static const struct tls_cipher_data tls_ciphers[] = {
        { TLS_CIPHER_NULL,         TLS_CIPHER_STREAM,  0,  0,  0,
          CRYPTO_CIPHER_NULL },
-       { TLS_CIPHER_IDEA_CBC,     TLS_CIPHER_BLOCK,  16, 16,  8,
-         CRYPTO_CIPHER_NULL },
-       { TLS_CIPHER_RC2_CBC_40,   TLS_CIPHER_BLOCK,   5, 16,  0,
-         CRYPTO_CIPHER_ALG_RC2 },
-       { TLS_CIPHER_RC4_40,       TLS_CIPHER_STREAM,  5, 16,  0,
-         CRYPTO_CIPHER_ALG_RC4 },
        { TLS_CIPHER_RC4_128,      TLS_CIPHER_STREAM, 16, 16,  0,
          CRYPTO_CIPHER_ALG_RC4 },
-       { TLS_CIPHER_DES40_CBC,    TLS_CIPHER_BLOCK,   5,  8,  8,
-         CRYPTO_CIPHER_ALG_DES },
        { TLS_CIPHER_DES_CBC,      TLS_CIPHER_BLOCK,   8,  8,  8,
          CRYPTO_CIPHER_ALG_DES },
        { TLS_CIPHER_3DES_EDE_CBC, TLS_CIPHER_BLOCK,  24, 24,  8,

diff --git a/src/tls/tlsv1_common.h b/src/tls/tlsv1_common.h
index 4cfdc2d551590e8bc25b92b5da318227f2a2336f..b68115260069d7d06e7c7175335dc19f7f086a19 100644 (file)
--- a/src/tls/tlsv1_common.h
+++ b/src/tls/tlsv1_common.h
@@ -194,11 +194,7 @@ typedef enum {
 
 typedef enum {
        TLS_CIPHER_NULL,
-       TLS_CIPHER_RC4_40,
        TLS_CIPHER_RC4_128,
-       TLS_CIPHER_RC2_CBC_40,
-       TLS_CIPHER_IDEA_CBC,
-       TLS_CIPHER_DES40_CBC,
        TLS_CIPHER_DES_CBC,
        TLS_CIPHER_3DES_EDE_CBC,
        TLS_CIPHER_AES_128_CBC,