git.ipfire.org Git - thirdparty/hostap.git/commit
crypto: Remove some unreachable algorithms
author David Benjamin <davidben@google.com>
Mon, 6 Oct 2025 15:18:39 +0000 (11:18 -0400)
committer Jouni Malinen <j@w1.fi>
Mon, 6 Oct 2025 20:54:04 +0000 (23:54 +0300)
commit c16d20f9d59e0782ddfea79e62904bb79a3ba4f3
tree b69029acbc2ec738fb514a6b381a95fd874b52ca
parent 41996889f1ad11c3d762c1079b56259c98a90863

The tls_ciphers table contained a number of algorithms that weren't
referenced in tls_cipher_suites. Remove those. That includes
TLS_CIPHER_IDEA_CBC, which was probably always broken because it was
mapped to CRYPTO_CIPHER_NULL. It also removes RC2, which is an
export-only cipher, despite the file saying it doesn't bother with
exportable ciphers.

That, in turn, removes all references to CRYPTO_CIPHER_ALG_RC2, so
remove that too. The OpenSSL port of CRYPTO_CIPHER_ALG_RC2 probably
never worked anyway because it uses RC2 in ECB mode instead of CBC.

It's likely other removals are possible. tlsv1_common.c has single-DES
ciphers, but tlsv1_client.c and tlsv1_server.c only configure a much
smaller list. There's also a lot of code for TLS_KEY_X_DH_anon, but
those ciphers aren't configured. I've left those alone because I'm not
sure how all this code is used.

Signed-off-by: David Benjamin <davidben@google.com>

src/crypto/crypto.h
src/crypto/crypto_gnutls.c
src/crypto/crypto_libtomcrypt.c
src/crypto/crypto_openssl.c
src/crypto/crypto_wolfssl.c
src/tls/tlsv1_common.c
src/tls/tlsv1_common.h