From 646e8c1d6b30a2ed080ce5b968b49d234b42644f Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@openssl.org>
Date: Tue, 27 Jan 2015 21:00:03 -0500
Subject: Dead code removal: Fortezza identifiers

Not interested in helping the NSA in the slightest.
And anyway, it was never implemented, #if'd out.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 doc/apps/ciphers.pod |  5 -----
 ssl/s3_lib.c         | 51 ---------------------------------------------------
 ssl/ssl.h            |  5 -----
 3 files changed, 61 deletions(-)

diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 5f8dac4e19..6d39c54c94 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -246,11 +246,6 @@ carry ECDH keys.
 cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA
 keys.
 
-=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA>
-
-ciphers suites using FORTEZZA key exchange, authentication, encryption or all
-FORTEZZA algorithms. Not implemented.
-
 =item B<TLSv1.2>, B<TLSv1>, B<SSLv3>
 
 TLS v1.2, TLS v1.0 or SSL v3.0 cipher suites respectively. Note:
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 508cf8912c..3a1377ac7b 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -601,57 +601,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
      168,
      },
 
-/* Fortezza ciphersuite from SSL 3.0 spec */
-#if 0
-/* Cipher 1C */
-    {
-     0,
-     SSL3_TXT_FZA_DMS_NULL_SHA,
-     SSL3_CK_FZA_DMS_NULL_SHA,
-     SSL_kFZA,
-     SSL_aFZA,
-     SSL_eNULL,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-/* Cipher 1D */
-    {
-     0,
-     SSL3_TXT_FZA_DMS_FZA_SHA,
-     SSL3_CK_FZA_DMS_FZA_SHA,
-     SSL_kFZA,
-     SSL_aFZA,
-     SSL_eFZA,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-/* Cipher 1E */
-    {
-     0,
-     SSL3_TXT_FZA_DMS_RC4_SHA,
-     SSL3_CK_FZA_DMS_RC4_SHA,
-     SSL_kFZA,
-     SSL_aFZA,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-#endif
-
 #ifndef OPENSSL_NO_KRB5
 /* The Kerberos ciphers*/
 /* Cipher 1E */
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 86f2387d9f..5622860483 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -218,11 +218,6 @@ extern "C" {
 # define SSL_TXT_HIGH            "HIGH"
 # define SSL_TXT_FIPS            "FIPS"
 
-# define SSL_TXT_kFZA            "kFZA"/* unused! */
-# define SSL_TXT_aFZA            "aFZA"/* unused! */
-# define SSL_TXT_eFZA            "eFZA"/* unused! */
-# define SSL_TXT_FZA             "FZA"/* unused! */
-
 # define SSL_TXT_aNULL           "aNULL"
 # define SSL_TXT_eNULL           "eNULL"
 # define SSL_TXT_NULL            "NULL"
-- 
cgit v1.2.3