Remove RC4 from TLS for real. This withdraws support for -DBORINGSSL_ENABLE_RC4_TLS, and removes the RC4 AEADs. Change-Id: I1321b76bfe047d180743fa46d1b81c5d70c64e81 Reviewed-on: https://boringssl-review.googlesource.com/10940 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c index ea274ad..55070e9 100644 --- a/ssl/ssl_cipher.c +++ b/ssl/ssl_cipher.c
@@ -168,30 +168,6 @@ SSL_HANDSHAKE_MAC_DEFAULT, }, -#ifdef BORINGSSL_ENABLE_RC4_TLS - /* Cipher 04 */ - { - SSL3_TXT_RSA_RC4_128_MD5, - SSL3_CK_RSA_RC4_128_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL_HANDSHAKE_MAC_DEFAULT, - }, - - /* Cipher 05 */ - { - SSL3_TXT_RSA_RC4_128_SHA, - SSL3_CK_RSA_RC4_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL_HANDSHAKE_MAC_DEFAULT, - }, -#endif - /* Cipher 0A */ { SSL3_TXT_RSA_DES_192_CBC3_SHA, @@ -299,19 +275,6 @@ /* PSK cipher suites. */ -#ifdef BORINGSSL_ENABLE_RC4_TLS - /* Cipher 8A */ - { - TLS1_TXT_PSK_WITH_RC4_128_SHA, - TLS1_CK_PSK_WITH_RC4_128_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_RC4, - SSL_SHA1, - SSL_HANDSHAKE_MAC_DEFAULT, - }, -#endif - /* Cipher 8C */ { TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, @@ -426,19 +389,6 @@ SSL_HANDSHAKE_MAC_SHA384, }, -#ifdef BORINGSSL_ENABLE_RC4_TLS - /* Cipher C007 */ - { - TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, - SSL_kECDHE, - SSL_aECDSA, - SSL_RC4, - SSL_SHA1, - SSL_HANDSHAKE_MAC_DEFAULT, - }, -#endif - /* Cipher C009 */ { TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, @@ -461,19 +411,6 @@ SSL_HANDSHAKE_MAC_DEFAULT, }, -#ifdef BORINGSSL_ENABLE_RC4_TLS - /* Cipher C011 */ - { - TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_kECDHE, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL_HANDSHAKE_MAC_DEFAULT, - }, -#endif - /* Cipher C013 */ { TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, @@ -768,7 +705,6 @@ /* symmetric encryption aliases */ {"3DES", ~0u, ~0u, SSL_3DES, ~0u, 0}, - {"RC4", ~0u, ~0u, SSL_RC4, ~0u, 0}, {"AES128", ~0u, ~0u, SSL_AES128 | SSL_AES128GCM, ~0u, 0}, {"AES256", ~SSL_kCECPQ1, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, 0}, {"AES", ~SSL_kCECPQ1, ~0u, SSL_AES, ~0u, 0}, @@ -790,9 +726,8 @@ {"TLSv1.2", ~SSL_kCECPQ1, ~0u, ~SSL_eNULL, ~0u, TLS1_2_VERSION}, /* Legacy strength classes. */ - {"MEDIUM", ~0u, ~0u, SSL_RC4, ~0u, 0}, - {"HIGH", ~SSL_kCECPQ1, ~0u, ~(SSL_eNULL|SSL_RC4), ~0u, 0}, - {"FIPS", ~SSL_kCECPQ1, ~0u, ~(SSL_eNULL|SSL_RC4), ~0u, 0}, + {"HIGH", ~SSL_kCECPQ1, ~0u, ~SSL_eNULL, ~0u, 0}, + {"FIPS", ~SSL_kCECPQ1, ~0u, ~SSL_eNULL, ~0u, 0}, }; static const size_t kCipherAliasesLen = OPENSSL_ARRAY_SIZE(kCipherAliases); @@ -853,31 +788,6 @@ *out_fixed_iv_len = 12; break; -#ifdef BORINGSSL_ENABLE_RC4_TLS - case SSL_RC4: - switch (cipher->algorithm_mac) { - case SSL_MD5: - if (version == SSL3_VERSION) { - *out_aead = EVP_aead_rc4_md5_ssl3(); - } else { - *out_aead = EVP_aead_rc4_md5_tls(); - } - *out_mac_secret_len = MD5_DIGEST_LENGTH; - break; - case SSL_SHA1: - if (version == SSL3_VERSION) { - *out_aead = EVP_aead_rc4_sha1_ssl3(); - } else { - *out_aead = EVP_aead_rc4_sha1_tls(); - } - *out_mac_secret_len = SHA_DIGEST_LENGTH; - break; - default: - return 0; - } - break; -#endif - case SSL_AES128: switch (cipher->algorithm_mac) { case SSL_SHA1: @@ -1541,17 +1451,13 @@ } /* Then the legacy non-AEAD ciphers: AES_128_CBC, AES_256_CBC, - * 3DES_EDE_CBC_SHA, RC4_128_SHA, RC4_128_MD5. */ + * 3DES_EDE_CBC_SHA. */ ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128, ~0u, 0, CIPHER_ADD, -1, 0, &head, &tail); ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256, ~0u, 0, CIPHER_ADD, -1, 0, &head, &tail); ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_3DES, ~0u, 0, CIPHER_ADD, -1, 0, &head, &tail); - ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, ~SSL_MD5, 0, CIPHER_ADD, -1, 0, - &head, &tail); - ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, SSL_MD5, 0, CIPHER_ADD, -1, 0, - &head, &tail); /* Temporarily enable everything else for sorting */ ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1, 0, &head, @@ -1734,13 +1640,8 @@ return (cipher->algorithm_enc & SSL_eNULL) != 0; } -int SSL_CIPHER_is_RC4(const SSL_CIPHER *cipher) { - return (cipher->algorithm_enc & SSL_RC4) != 0; -} - int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher) { - /* Neither stream cipher nor AEAD. */ - return (cipher->algorithm_enc & (SSL_RC4 | SSL_eNULL)) == 0 && + return (cipher->algorithm_enc & SSL_eNULL) == 0 && cipher->algorithm_mac != SSL_AEAD; } @@ -1845,8 +1746,6 @@ switch (cipher->algorithm_enc) { case SSL_3DES: return "3DES_EDE_CBC"; - case SSL_RC4: - return "RC4"; case SSL_AES128: return "AES_128_CBC"; case SSL_AES256: @@ -1925,7 +1824,6 @@ switch (cipher->algorithm_enc) { case SSL_AES128: case SSL_AES128GCM: - case SSL_RC4: alg_bits = 128; strength_bits = 128; break; @@ -2020,10 +1918,6 @@ enc = "3DES(168)"; break; - case SSL_RC4: - enc = "RC4(128)"; - break; - case SSL_AES128: enc = "AES(128)"; break;