Remove deprecated cipher property APIs.
Consumers have been switched to the new ones.
Change-Id: I7a8ec6308775a105a490882c97955daed12a2c2c
Reviewed-on: https://boringssl-review.googlesource.com/19605
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 016c83c..4463c8d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -3967,64 +3967,6 @@
// the session.
OPENSSL_EXPORT SSL_SESSION *SSL_get1_session(SSL *ssl);
-// TODO(davidben): Convert all the callers of these old |SSL_CIPHER| functions
-// and remove them.
-
-// SSL_CIPHER_is_AEAD calls |SSL_CIPHER_is_aead|.
-OPENSSL_EXPORT int SSL_CIPHER_is_AEAD(const SSL_CIPHER *cipher);
-
-// SSL_CIPHER_is_AES returns one if |cipher| uses AES (either GCM or CBC
-// mode). Use |SSL_CIPHER_get_cipher_nid| instead.
-OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher);
-
-// SSL_CIPHER_has_SHA1_HMAC returns one if |cipher| uses HMAC-SHA1. Use
-// |SSL_CIPHER_get_digest_nid| instead.
-OPENSSL_EXPORT int SSL_CIPHER_has_SHA1_HMAC(const SSL_CIPHER *cipher);
-
-// SSL_CIPHER_has_SHA256_HMAC returns one if |cipher| uses HMAC-SHA256. Use
-// |SSL_CIPHER_get_digest_nid| instead.
-OPENSSL_EXPORT int SSL_CIPHER_has_SHA256_HMAC(const SSL_CIPHER *cipher);
-
-// SSL_CIPHER_has_SHA384_HMAC returns one if |cipher| uses HMAC-SHA384. Use
-// |SSL_CIPHER_get_digest_nid| instead.
-OPENSSL_EXPORT int SSL_CIPHER_has_SHA384_HMAC(const SSL_CIPHER *cipher);
-
-// SSL_CIPHER_is_AESGCM returns one if |cipher| uses AES-GCM. Use
-// |SSL_CIPHER_get_cipher_nid| instead.
-OPENSSL_EXPORT int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *cipher);
-
-// SSL_CIPHER_is_AES128GCM returns one if |cipher| uses 128-bit AES-GCM. Use
-// |SSL_CIPHER_get_cipher_nid| instead.
-OPENSSL_EXPORT int SSL_CIPHER_is_AES128GCM(const SSL_CIPHER *cipher);
-
-// SSL_CIPHER_is_AES128CBC returns one if |cipher| uses 128-bit AES in CBC
-// mode. Use |SSL_CIPHER_get_cipher_nid| instead.
-OPENSSL_EXPORT int SSL_CIPHER_is_AES128CBC(const SSL_CIPHER *cipher);
-
-// SSL_CIPHER_is_AES256CBC returns one if |cipher| uses 256-bit AES in CBC
-// mode. Use |SSL_CIPHER_get_cipher_nid| instead.
-OPENSSL_EXPORT int SSL_CIPHER_is_AES256CBC(const SSL_CIPHER *cipher);
-
-// SSL_CIPHER_is_CHACHA20POLY1305 returns one if |cipher| uses
-// CHACHA20_POLY1305. Use |SSL_CIPHER_get_cipher_nid| instead.
-OPENSSL_EXPORT int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher);
-
-// SSL_CIPHER_is_NULL returns one if |cipher| does not encrypt. Use
-// |SSL_CIPHER_get_cipher_nid| instead.
-OPENSSL_EXPORT int SSL_CIPHER_is_NULL(const SSL_CIPHER *cipher);
-
-// SSL_CIPHER_is_ECDSA returns one if |cipher| uses ECDSA. Use
-// |SSL_CIPHER_get_auth_nid| instead.
-OPENSSL_EXPORT int SSL_CIPHER_is_ECDSA(const SSL_CIPHER *cipher);
-
-// SSL_CIPHER_is_ECDHE returns one if |cipher| uses ECDHE. Use
-// |SSL_CIPHER_get_kx_nid| instead.
-OPENSSL_EXPORT int SSL_CIPHER_is_ECDHE(const SSL_CIPHER *cipher);
-
-// SSL_CIPHER_is_static_RSA returns one if |cipher| uses the static RSA key
-// exchange. Use |SSL_CIPHER_get_kx_nid| instead.
-OPENSSL_EXPORT int SSL_CIPHER_is_static_RSA(const SSL_CIPHER *cipher);
-
// Private structures.
//
diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc
index de4a4b4..ecdecdd 100644
--- a/ssl/ssl_cipher.cc
+++ b/ssl/ssl_cipher.cc
@@ -1439,22 +1439,6 @@
uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher) { return cipher->id; }
-int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_enc & SSL_AES) != 0;
-}
-
-int SSL_CIPHER_has_SHA1_HMAC(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_mac & SSL_SHA1) != 0;
-}
-
-int SSL_CIPHER_has_SHA256_HMAC(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_mac & SSL_SHA256) != 0;
-}
-
-int SSL_CIPHER_has_SHA384_HMAC(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_mac & SSL_SHA384) != 0;
-}
-
int SSL_CIPHER_is_aead(const SSL_CIPHER *cipher) {
return (cipher->algorithm_mac & SSL_AEAD) != 0;
}
@@ -1525,51 +1509,11 @@
return NID_undef;
}
-int SSL_CIPHER_is_AEAD(const SSL_CIPHER *cipher) {
- return SSL_CIPHER_is_aead(cipher);
-}
-
-int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_enc & (SSL_AES128GCM | SSL_AES256GCM)) != 0;
-}
-
-int SSL_CIPHER_is_AES128GCM(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_enc & SSL_AES128GCM) != 0;
-}
-
-int SSL_CIPHER_is_AES128CBC(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_enc & SSL_AES128) != 0;
-}
-
-int SSL_CIPHER_is_AES256CBC(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_enc & SSL_AES256) != 0;
-}
-
-int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_enc & SSL_CHACHA20POLY1305) != 0;
-}
-
-int SSL_CIPHER_is_NULL(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_enc & SSL_eNULL) != 0;
-}
-
int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher) {
return (cipher->algorithm_enc & SSL_eNULL) == 0 &&
cipher->algorithm_mac != SSL_AEAD;
}
-int SSL_CIPHER_is_ECDSA(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_auth & SSL_aECDSA) != 0;
-}
-
-int SSL_CIPHER_is_ECDHE(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_mkey & SSL_kECDHE) != 0;
-}
-
-int SSL_CIPHER_is_static_RSA(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_mkey & SSL_kRSA) != 0;
-}
-
uint16_t SSL_CIPHER_get_min_version(const SSL_CIPHER *cipher) {
if (cipher->algorithm_mkey == SSL_kGENERIC ||
cipher->algorithm_auth == SSL_aGENERIC) {
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index bc89202..2d01c51 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -476,7 +476,7 @@
ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), rule));
for (const SSL_CIPHER *cipher : SSL_CTX_get_ciphers(ctx.get())) {
- EXPECT_FALSE(SSL_CIPHER_is_NULL(cipher));
+ EXPECT_NE(NID_undef, SSL_CIPHER_get_cipher_nid(cipher));
}
}
}
