authorDavid Benjamin <davidben@chromium.org>2014-08-30 21:56:06 -0400
committerAdam Langley <agl@google.com>2014-09-02 22:42:26 +0000
commitf0fd37323bfb173d88a782653259f4766d4f09ba (patch)
tree1c17666996cf84e0c9e96c1500c61fd749c97578
parent8a5825e4c7238eef74f8a7ad5b054914e16899cb (diff)
Remove remnants of EVP_CIPHER-based AES_GCM cipher.
Those codepaths are never hit. Change-Id: Ib6908ebe90ab667774785298fdc3f96acc4b50df Reviewed-on: https://boringssl-review.googlesource.com/1693 Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r--ssl/s3_cbc.c7
-rw-r--r--ssl/s3_pkt.c3
-rw-r--r--ssl/ssl_ciph.c3
-rw-r--r--ssl/t1_enc.c18
4 files changed, 3 insertions, 28 deletions
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index e80734e..4af096d 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -181,13 +181,6 @@ int tls1_cbc_remove_padding(const SSL* s,
}
}
- if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
- {
- /* padding is already verified */
- rec->length -= padding_length + 1;
- return 1;
- }
-
good = constant_time_ge(rec->length, overhead+padding_length);
/* The padding consists of a length byte at the end of the record and
* then that many bytes of padding, all with the same value as the
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 12c5467..864e48d 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -760,9 +760,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if (eivlen <= 1)
eivlen = 0;
}
- /* Need explicit part of IV for GCM mode */
- else if (mode == EVP_CIPH_GCM_MODE)
- eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
else
eivlen = 0;
}
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 691b5fd..8361007 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -354,8 +354,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
if (!ssl_cipher_get_mac(s, md, mac_pkey_type, mac_secret_size))
return 0;
- if ((*enc != NULL) &&
- (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
+ if ((*enc != NULL) && (*md != NULL) &&
(!mac_pkey_type||*mac_pkey_type != NID_undef))
{
if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
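Review bot: The rewritten condition `(*enc != NULL) && (*md != NULL) &&` now rejects every suite that has a cipher but no separate MAC digest, and nothing next to the check records that this is intentional. I would add a comment directly above the `if`, for example `/* AEAD suites are not looked up through this function; a cipher without a MAC digest is an error here. */`, so a later caller does not reintroduce an AEAD lookup and get a silent failure. The rest of ssl_cipher_get_evp, including what is returned when the condition is false, lies outside the hunk, so the exact failure path should be confirmed there.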
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index a2d96d6..abe5183 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -521,11 +521,7 @@ int tls1_change_cipher_state(SSL *s, int which)
else
{
key_len = EVP_CIPHER_key_length(cipher);
-
- if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
- iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
- else
- iv_len = EVP_CIPHER_iv_length(cipher);
+ iv_len = EVP_CIPHER_iv_length(cipher);
}
key_data = s->s3->tmp.key_block;
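Review bot: The `else` branch now takes `iv_len = EVP_CIPHER_iv_length(cipher);` unconditionally, so the claim that a GCM-mode EVP_CIPHER never arrives here is an unstated invariant rather than something the code enforces. If one did arrive, the IV length would come from the cipher instead of `EVP_GCM_TLS_FIXED_IV_LEN`, and the key block would presumably be split at the wrong offsets. The same applies to the tls1_setup_key_block hunk below, where the existing label allows a fail-closed guard: `if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) goto cipher_unavailable_err;`. In tls1_change_cipher_state the error path is outside the hunk, so at minimum add a comment such as `/* Only non-AEAD EVP_CIPHERs reach this branch; AEADs are keyed separately. */`.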
@@ -617,11 +613,7 @@ int tls1_setup_key_block(SSL *s)
if (!ssl_cipher_get_evp(s->session,&c,&hash,&mac_type,&mac_secret_size))
goto cipher_unavailable_err;
key_len = EVP_CIPHER_key_length(c);
-
- if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
- iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
- else
- iv_len = EVP_CIPHER_iv_length(c);
+ iv_len = EVP_CIPHER_iv_length(c);
}
s->s3->tmp.new_aead=aead;
@@ -951,12 +943,6 @@ int tls1_enc(SSL *s, int send)
?(i<0)
:(i==0))
return -1; /* AEAD can fail to verify MAC */
- if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send)
- {
- rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
- rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
- rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
- }
#ifdef KSSL_DEBUG
{