[PATCH] crypto: Remove some unreachable algorithms
David Benjamin
davidben at google.com
Mon Oct 6 08:38:36 PDT 2025
The tls_ciphers table contained a number of algorithms that weren't
referenced in tls_cipher_suites. Remove those. That includes
TLS_CIPHER_IDEA_CBC, which was probably always broken because it was
mapped to CRYPTO_CIPHER_NULL. It also removes RC2, which is an
export-only cipher, despite the file saying it doesn't bother with
exportable ciphers.
That, in turn, removes all references to CRYPTO_CIPHER_ALG_RC2, so
remove that too. The OpenSSL port of CRYPTO_CIPHER_ALG_RC2 probably
never worked anyway because it uses RC2 in ECB mode instead of CBC.
It's likely other removals are possible. tlsv1_common.c has single-DES
ciphers, but tlsv1_client.c and tlsv1_server.c only configure a much
smaller list. There's also a lot of code for TLS_KEY_X_DH_anon, but
those ciphers aren't configured. I've left those alone because I'm not
sure how all this code is used.
Signed-off-by: David Benjamin <davidben at google.com>
Patch attached to avoid email client mangling.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-crypto-Remove-some-unreachable-algorithms.patch
Type: application/octet-stream
Size: 5465 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20251006/57aa471c/attachment-0001.obj>
More information about the Hostap
mailing list