Dead code removal: Fortezza identifiers

Not interested in helping the NSA in the slightest. And anyway, it was never implemented, #if'd out. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 21:00:03 -05:00 · 2015-01-27 21:00:03 -05:00 · 646e8c1d6b
commit 646e8c1d6b
parent 1a5adcfb5e
3 changed files with 0 additions and 61 deletions
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@ -246,11 +246,6 @@ carry ECDH keys.
 cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA
 keys.

-=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA>
-
-ciphers suites using FORTEZZA key exchange, authentication, encryption or all
-FORTEZZA algorithms. Not implemented.
-
 =item B<TLSv1.2>, B<TLSv1>, B<SSLv3>

 TLS v1.2, TLS v1.0 or SSL v3.0 cipher suites respectively. Note:
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -601,57 +601,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
     168,
     },

-/* Fortezza ciphersuite from SSL 3.0 spec */
-#if 0
-/* Cipher 1C */
-    {
-     0,
-     SSL3_TXT_FZA_DMS_NULL_SHA,
-     SSL3_CK_FZA_DMS_NULL_SHA,
-     SSL_kFZA,
-     SSL_aFZA,
-     SSL_eNULL,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-/* Cipher 1D */
-    {
-     0,
-     SSL3_TXT_FZA_DMS_FZA_SHA,
-     SSL3_CK_FZA_DMS_FZA_SHA,
-     SSL_kFZA,
-     SSL_aFZA,
-     SSL_eFZA,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-/* Cipher 1E */
-    {
-     0,
-     SSL3_TXT_FZA_DMS_RC4_SHA,
-     SSL3_CK_FZA_DMS_RC4_SHA,
-     SSL_kFZA,
-     SSL_aFZA,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-#endif
-
 #ifndef OPENSSL_NO_KRB5
 /* The Kerberos ciphers*/
 /* Cipher 1E */
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@ -218,11 +218,6 @@ extern "C" {
 # define SSL_TXT_HIGH            "HIGH"
 # define SSL_TXT_FIPS            "FIPS"

-# define SSL_TXT_kFZA            "kFZA"/* unused! */
-# define SSL_TXT_aFZA            "aFZA"/* unused! */
-# define SSL_TXT_eFZA            "eFZA"/* unused! */
-# define SSL_TXT_FZA             "FZA"/* unused! */
-
 # define SSL_TXT_aNULL           "aNULL"
 # define SSL_TXT_eNULL           "eNULL"
 # define SSL_TXT_NULL            "NULL"