From b061161e6a861a29b8a1bc1e69b7e4b9e1fabda7 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Mon, 3 Sep 2018 17:45:24 +0000
Subject: [PATCH] Stop handling AES-GCM via ssl_cipher_get_evp().

All of the AES-GCM ciphersuites use the EVP_AEAD interface, so there is no
need to support them via EVP_CIPHER.

ok inoguchi@ tb@
---
 lib/libssl/ssl_ciph.c | 23 +++--------------------
 1 file changed, 3 insertions(+), 20 deletions(-)

diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index c39ac302bdd..6998645691b 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.100 2018/09/03 17:41:13 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.101 2018/09/03 17:45:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -158,12 +158,10 @@
 #define SSL_ENC_CAMELLIA128_IDX	5
 #define SSL_ENC_CAMELLIA256_IDX	6
 #define SSL_ENC_GOST89_IDX	7
-#define SSL_ENC_AES128GCM_IDX	8
-#define SSL_ENC_AES256GCM_IDX	9
-#define SSL_ENC_NUM_IDX		10
+#define SSL_ENC_NUM_IDX		8
 
 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
-	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
 };
 
 #define SSL_MD_MD5_IDX	0
@@ -465,11 +463,6 @@ ssl_load_ciphers(void)
 	ssl_cipher_methods[SSL_ENC_GOST89_IDX] =
 	    EVP_get_cipherbyname(SN_gost89_cnt);
 
-	ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] =
-	    EVP_get_cipherbyname(SN_aes_128_gcm);
-	ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] =
-	    EVP_get_cipherbyname(SN_aes_256_gcm);
-
 	ssl_digest_methods[SSL_MD_MD5_IDX] =
 	    EVP_get_digestbyname(SN_md5);
 	ssl_mac_secret_size[SSL_MD_MD5_IDX] =
@@ -553,12 +546,6 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 	case SSL_eGOST2814789CNT:
 		i = SSL_ENC_GOST89_IDX;
 		break;
-	case SSL_AES128GCM:
-		i = SSL_ENC_AES128GCM_IDX;
-		break;
-	case SSL_AES256GCM:
-		i = SSL_ENC_AES256GCM_IDX;
-		break;
 	default:
 		i = -1;
 		break;
@@ -659,14 +646,12 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
 		return 0;
 
 	switch (c->algorithm_enc) {
-#ifndef OPENSSL_NO_AES
 	case SSL_AES128GCM:
 		*aead = EVP_aead_aes_128_gcm();
 		return 1;
 	case SSL_AES256GCM:
 		*aead = EVP_aead_aes_256_gcm();
 		return 1;
-#endif
 	case SSL_CHACHA20POLY1305:
 		*aead = EVP_aead_chacha20_poly1305();
 		return 1;
@@ -771,8 +756,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
 	*enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0;
 	*enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0;
 	*enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0;
-	*enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM : 0;
-	*enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM : 0;
 	*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128 : 0;
 	*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256 : 0;
 	*enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT : 0;
-- 
2.20.1