Remove RC4 from TLS for real.

This withdraws support for -DBORINGSSL_ENABLE_RC4_TLS, and removes the
RC4 AEADs.

Change-Id: I1321b76bfe047d180743fa46d1b81c5d70c64e81
Reviewed-on: https://boringssl-review.googlesource.com/10940
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index ea274ad..55070e9 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -168,30 +168,6 @@
      SSL_HANDSHAKE_MAC_DEFAULT,
     },
 
-#ifdef BORINGSSL_ENABLE_RC4_TLS
-    /* Cipher 04 */
-    {
-     SSL3_TXT_RSA_RC4_128_MD5,
-     SSL3_CK_RSA_RC4_128_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_HANDSHAKE_MAC_DEFAULT,
-    },
-
-    /* Cipher 05 */
-    {
-     SSL3_TXT_RSA_RC4_128_SHA,
-     SSL3_CK_RSA_RC4_128_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_HANDSHAKE_MAC_DEFAULT,
-    },
-#endif
-
     /* Cipher 0A */
     {
      SSL3_TXT_RSA_DES_192_CBC3_SHA,
@@ -299,19 +275,6 @@
 
     /* PSK cipher suites. */
 
-#ifdef BORINGSSL_ENABLE_RC4_TLS
-    /* Cipher 8A */
-    {
-     TLS1_TXT_PSK_WITH_RC4_128_SHA,
-     TLS1_CK_PSK_WITH_RC4_128_SHA,
-     SSL_kPSK,
-     SSL_aPSK,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_HANDSHAKE_MAC_DEFAULT,
-    },
-#endif
-
     /* Cipher 8C */
     {
      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
@@ -426,19 +389,6 @@
      SSL_HANDSHAKE_MAC_SHA384,
     },
 
-#ifdef BORINGSSL_ENABLE_RC4_TLS
-    /* Cipher C007 */
-    {
-     TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
-     TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
-     SSL_kECDHE,
-     SSL_aECDSA,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_HANDSHAKE_MAC_DEFAULT,
-    },
-#endif
-
     /* Cipher C009 */
     {
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
@@ -461,19 +411,6 @@
      SSL_HANDSHAKE_MAC_DEFAULT,
     },
 
-#ifdef BORINGSSL_ENABLE_RC4_TLS
-    /* Cipher C011 */
-    {
-     TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
-     TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
-     SSL_kECDHE,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_HANDSHAKE_MAC_DEFAULT,
-    },
-#endif
-
     /* Cipher C013 */
     {
      TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
@@ -768,7 +705,6 @@
 
     /* symmetric encryption aliases */
     {"3DES", ~0u, ~0u, SSL_3DES, ~0u, 0},
-    {"RC4", ~0u, ~0u, SSL_RC4, ~0u, 0},
     {"AES128", ~0u, ~0u, SSL_AES128 | SSL_AES128GCM, ~0u, 0},
     {"AES256", ~SSL_kCECPQ1, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, 0},
     {"AES", ~SSL_kCECPQ1, ~0u, SSL_AES, ~0u, 0},
@@ -790,9 +726,8 @@
     {"TLSv1.2", ~SSL_kCECPQ1, ~0u, ~SSL_eNULL, ~0u, TLS1_2_VERSION},
 
     /* Legacy strength classes. */
-    {"MEDIUM", ~0u, ~0u, SSL_RC4, ~0u, 0},
-    {"HIGH", ~SSL_kCECPQ1, ~0u, ~(SSL_eNULL|SSL_RC4), ~0u, 0},
-    {"FIPS", ~SSL_kCECPQ1, ~0u, ~(SSL_eNULL|SSL_RC4), ~0u, 0},
+    {"HIGH", ~SSL_kCECPQ1, ~0u, ~SSL_eNULL, ~0u, 0},
+    {"FIPS", ~SSL_kCECPQ1, ~0u, ~SSL_eNULL, ~0u, 0},
 };
 
 static const size_t kCipherAliasesLen = OPENSSL_ARRAY_SIZE(kCipherAliases);
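Review bot: The `RC4` and `MEDIUM` aliases are dropped from kCipherAliases (`RC4` in the preceding hunk, `MEDIUM` here), and nothing visible says how a cipher string that still names them is treated. Existing configurations often carry tokens such as `!RC4` or `MEDIUM` as a hardening or compatibility idiom, so confirm whether the rule parser, which is outside this diff, skips or rejects an unknown alias, and document the result for callers. After the change `HIGH` and `FIPS` are the same entry, `~SSL_eNULL` with CECPQ1 excluded, which still matches 3DES. A comment would make that explicit, for example `/* HIGH and FIPS are kept for compatibility; both select every non-NULL cipher. */`.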
@@ -853,31 +788,6 @@
       *out_fixed_iv_len = 12;
       break;
 
-#ifdef BORINGSSL_ENABLE_RC4_TLS
-    case SSL_RC4:
-      switch (cipher->algorithm_mac) {
-        case SSL_MD5:
-          if (version == SSL3_VERSION) {
-            *out_aead = EVP_aead_rc4_md5_ssl3();
-          } else {
-            *out_aead = EVP_aead_rc4_md5_tls();
-          }
-          *out_mac_secret_len = MD5_DIGEST_LENGTH;
-          break;
-        case SSL_SHA1:
-          if (version == SSL3_VERSION) {
-            *out_aead = EVP_aead_rc4_sha1_ssl3();
-          } else {
-            *out_aead = EVP_aead_rc4_sha1_tls();
-          }
-          *out_mac_secret_len = SHA_DIGEST_LENGTH;
-          break;
-        default:
-          return 0;
-      }
-      break;
-#endif
-
     case SSL_AES128:
       switch (cipher->algorithm_mac) {
         case SSL_SHA1:
@@ -1541,17 +1451,13 @@
   }
 
   /* Then the legacy non-AEAD ciphers: AES_128_CBC, AES_256_CBC,
-   * 3DES_EDE_CBC_SHA, RC4_128_SHA, RC4_128_MD5. */
+   * 3DES_EDE_CBC_SHA. */
   ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128, ~0u, 0, CIPHER_ADD, -1, 0,
                         &head, &tail);
   ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256, ~0u, 0, CIPHER_ADD, -1, 0,
                         &head, &tail);
   ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_3DES, ~0u, 0, CIPHER_ADD, -1, 0, &head,
                         &tail);
-  ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, ~SSL_MD5, 0, CIPHER_ADD, -1, 0,
-                        &head, &tail);
-  ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, SSL_MD5, 0, CIPHER_ADD, -1, 0,
-                        &head, &tail);
 
   /* Temporarily enable everything else for sorting */
   ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1, 0, &head,
@@ -1734,13 +1640,8 @@
   return (cipher->algorithm_enc & SSL_eNULL) != 0;
 }
 
-int SSL_CIPHER_is_RC4(const SSL_CIPHER *cipher) {
-  return (cipher->algorithm_enc & SSL_RC4) != 0;
-}
-
 int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher) {
-  /* Neither stream cipher nor AEAD. */
-  return (cipher->algorithm_enc & (SSL_RC4 | SSL_eNULL)) == 0 &&
+  return (cipher->algorithm_enc & SSL_eNULL) == 0 &&
       cipher->algorithm_mac != SSL_AEAD;
 }
 
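Review bot: `SSL_CIPHER_is_block_cipher` loses its explanatory comment while its test becomes broader: it now returns true for anything that is neither `SSL_eNULL` nor `SSL_AEAD`, which is only correct while no stream cipher remains in the cipher table. I would keep a comment that states the invariant, for example `/* Every remaining non-NULL, non-AEAD cipher is a CBC block cipher. */`, so that a stream cipher added later is not silently given CBC-specific handling by callers. The same hunk removes the exported `SSL_CIPHER_is_RC4`; its header declaration and any callers are not in this diff, so confirm they are removed with it.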
@@ -1845,8 +1746,6 @@
   switch (cipher->algorithm_enc) {
     case SSL_3DES:
       return "3DES_EDE_CBC";
-    case SSL_RC4:
-      return "RC4";
     case SSL_AES128:
       return "AES_128_CBC";
     case SSL_AES256:
@@ -1925,7 +1824,6 @@
   switch (cipher->algorithm_enc) {
     case SSL_AES128:
     case SSL_AES128GCM:
-    case SSL_RC4:
       alg_bits = 128;
       strength_bits = 128;
       break;
@@ -2020,10 +1918,6 @@
       enc = "3DES(168)";
       break;
 
-    case SSL_RC4:
-      enc = "RC4(128)";
-      break;
-
     case SSL_AES128:
       enc = "AES(128)";
       break;