Remove CECPQ1 (experimental post-quantum key agreement).
Change-Id: Ie947ab176d10feb709c6e135d5241c6cf605b8e8
Reviewed-on: https://boringssl-review.googlesource.com/12700
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 99aba72..5223721 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -378,52 +378,6 @@
SSL_HANDSHAKE_MAC_SHA256,
},
- /* CECPQ1 (combined elliptic curve + post-quantum) suites. */
-
- /* Cipher 16B7 */
- {
- TLS1_TXT_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256,
- TLS1_CK_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256,
- SSL_kCECPQ1,
- SSL_aRSA,
- SSL_CHACHA20POLY1305,
- SSL_AEAD,
- SSL_HANDSHAKE_MAC_SHA256,
- },
-
- /* Cipher 16B8 */
- {
- TLS1_TXT_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
- TLS1_CK_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
- SSL_kCECPQ1,
- SSL_aECDSA,
- SSL_CHACHA20POLY1305,
- SSL_AEAD,
- SSL_HANDSHAKE_MAC_SHA256,
- },
-
- /* Cipher 16B9 */
- {
- TLS1_TXT_CECPQ1_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_CECPQ1_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kCECPQ1,
- SSL_aRSA,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_HANDSHAKE_MAC_SHA384,
- },
-
- /* Cipher 16BA */
- {
- TLS1_TXT_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384,
- SSL_kCECPQ1,
- SSL_aECDSA,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_HANDSHAKE_MAC_SHA384,
- },
-
/* Cipher C009 */
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
@@ -679,9 +633,8 @@
} CIPHER_ALIAS;
static const CIPHER_ALIAS kCipherAliases[] = {
- /* "ALL" doesn't include eNULL nor kCECPQ1. These must be explicitly
- * enabled. */
- {"ALL", ~SSL_kCECPQ1, ~0u, ~SSL_eNULL, ~0u, 0},
+ /* "ALL" doesn't include eNULL. It must be explicitly enabled. */
+ {"ALL", ~0u, ~0u, ~SSL_eNULL, ~0u, 0},
/* The "COMPLEMENTOFDEFAULT" rule is omitted. It matches nothing. */
@@ -696,16 +649,15 @@
{"DH", SSL_kDHE, ~0u, ~0u, ~0u, 0},
{"kECDHE", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
- {"kCECPQ1", SSL_kCECPQ1, ~0u, ~0u, ~0u, 0},
{"kEECDH", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
{"ECDH", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
{"kPSK", SSL_kPSK, ~0u, ~0u, ~0u, 0},
/* server authentication aliases */
- {"aRSA", ~SSL_kCECPQ1, SSL_aRSA, ~SSL_eNULL, ~0u, 0},
- {"aECDSA", ~SSL_kCECPQ1, SSL_aECDSA, ~0u, ~0u, 0},
- {"ECDSA", ~SSL_kCECPQ1, SSL_aECDSA, ~0u, ~0u, 0},
+ {"aRSA", ~0u, SSL_aRSA, ~SSL_eNULL, ~0u, 0},
+ {"aECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, 0},
+ {"ECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, 0},
{"aPSK", ~0u, SSL_aPSK, ~0u, ~0u, 0},
/* aliases combining key exchange and server authentication */
@@ -719,28 +671,28 @@
/* symmetric encryption aliases */
{"3DES", ~0u, ~0u, SSL_3DES, ~0u, 0},
{"AES128", ~0u, ~0u, SSL_AES128 | SSL_AES128GCM, ~0u, 0},
- {"AES256", ~SSL_kCECPQ1, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, 0},
- {"AES", ~SSL_kCECPQ1, ~0u, SSL_AES, ~0u, 0},
- {"AESGCM", ~SSL_kCECPQ1, ~0u, SSL_AES128GCM | SSL_AES256GCM, ~0u, 0},
- {"CHACHA20", ~SSL_kCECPQ1, ~0u, SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_OLD, ~0u,
+ {"AES256", ~0u, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, 0},
+ {"AES", ~0u, ~0u, SSL_AES, ~0u, 0},
+ {"AESGCM", ~0u, ~0u, SSL_AES128GCM | SSL_AES256GCM, ~0u, 0},
+ {"CHACHA20", ~0u, ~0u, SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_OLD, ~0u,
0},
/* MAC aliases */
{"MD5", ~0u, ~0u, ~0u, SSL_MD5, 0},
{"SHA1", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
{"SHA", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
- {"SHA256", ~SSL_kCECPQ1, ~0u, ~0u, SSL_SHA256, 0},
- {"SHA384", ~SSL_kCECPQ1, ~0u, ~0u, SSL_SHA384, 0},
+ {"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, 0},
+ {"SHA384", ~0u, ~0u, ~0u, SSL_SHA384, 0},
/* Legacy protocol minimum version aliases. "TLSv1" is intentionally the
* same as "SSLv3". */
- {"SSLv3", ~SSL_kCECPQ1, ~0u, ~SSL_eNULL, ~0u, SSL3_VERSION},
- {"TLSv1", ~SSL_kCECPQ1, ~0u, ~SSL_eNULL, ~0u, SSL3_VERSION},
- {"TLSv1.2", ~SSL_kCECPQ1, ~0u, ~SSL_eNULL, ~0u, TLS1_2_VERSION},
+ {"SSLv3", ~0u, ~0u, ~SSL_eNULL, ~0u, SSL3_VERSION},
+ {"TLSv1", ~0u, ~0u, ~SSL_eNULL, ~0u, SSL3_VERSION},
+ {"TLSv1.2", ~0u, ~0u, ~SSL_eNULL, ~0u, TLS1_2_VERSION},
/* Legacy strength classes. */
- {"HIGH", ~SSL_kCECPQ1, ~0u, ~SSL_eNULL, ~0u, 0},
- {"FIPS", ~SSL_kCECPQ1, ~0u, ~SSL_eNULL, ~0u, 0},
+ {"HIGH", ~0u, ~0u, ~SSL_eNULL, ~0u, 0},
+ {"FIPS", ~0u, ~0u, ~SSL_eNULL, ~0u, 0},
};
static const size_t kCipherAliasesLen = OPENSSL_ARRAY_SIZE(kCipherAliases);
@@ -1574,10 +1526,6 @@
return (cipher->algorithm_mkey & SSL_kECDHE) != 0;
}
-int SSL_CIPHER_is_CECPQ1(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_mkey & SSL_kCECPQ1) != 0;
-}
-
uint16_t SSL_CIPHER_get_min_version(const SSL_CIPHER *cipher) {
if (cipher->algorithm_mkey == SSL_kGENERIC ||
cipher->algorithm_auth == SSL_aGENERIC) {
@@ -1640,17 +1588,6 @@
return "UNKNOWN";
}
- case SSL_kCECPQ1:
- switch (cipher->algorithm_auth) {
- case SSL_aECDSA:
- return "CECPQ1_ECDSA";
- case SSL_aRSA:
- return "CECPQ1_RSA";
- default:
- assert(0);
- return "UNKNOWN";
- }
-
case SSL_kPSK:
assert(cipher->algorithm_auth == SSL_aPSK);
return "PSK";
@@ -1814,10 +1751,6 @@
kx = "ECDH";
break;
- case SSL_kCECPQ1:
- kx = "CECPQ1";
- break;
-
case SSL_kPSK:
kx = "PSK";
break;
@@ -1962,8 +1895,7 @@
int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher) {
/* Ephemeral Diffie-Hellman key exchanges require a ServerKeyExchange. */
if (cipher->algorithm_mkey & SSL_kDHE ||
- cipher->algorithm_mkey & SSL_kECDHE ||
- cipher->algorithm_mkey & SSL_kCECPQ1) {
+ cipher->algorithm_mkey & SSL_kECDHE) {
return 1;
}
