mischief/openbsd-src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2025-01-10 06:47:55 -08:00
Code

Remove support for GOST R 34.10-94 signature authentication, along with

Browse Source 
the two ciphersuites that use it. GOST94 public/private keys have been
long obsoleted and libcrypto does not have support for them anyway.

Discussed with Dmitry Eremin-Solenikov.
This commit is contained in:
jsing 2014-12-10 15:36:46 +00:00
parent 6eb325be3f
commit 829c998383
18 changed files with 30 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/libssl/s3_both.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: s3_both.c,v 1.32 2014/11/16 14:12:47 jsing Exp $ */
/* $OpenBSD: s3_both.c,v 1.33 2014/12/10 15:36:46 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -542,9 +542,6 @@ ssl_cert_type(X509 *x, EVP_PKEY *pkey)
}
else if (i == EVP_PKEY_EC) {
ret = SSL_PKEY_ECC;
}
else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) {
ret = SSL_PKEY_GOST94;
} else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
ret = SSL_PKEY_GOST01;
}

4
lib/libssl/s3_clnt.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: s3_clnt.c,v 1.97 2014/12/06 14:24:26 jsing Exp $ */
/* $OpenBSD: s3_clnt.c,v 1.98 2014/12/10 15:36:46 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -2207,8 +2207,6 @@ ssl3_send_client_key_exchange(SSL *s)
/* Get server sertificate PKEY and create ctx from it */
peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509;
if (!peer_cert)
peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST94].x509;
if (!peer_cert) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);

35
lib/libssl/s3_lib.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: s3_lib.c,v 1.86 2014/12/10 14:58:56 jsing Exp $ */
/* $OpenBSD: s3_lib.c,v 1.87 2014/12/10 15:36:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -747,23 +747,6 @@ SSL_CIPHER ssl3_ciphers[] = {
/* GOST Ciphersuites */
/* Cipher 80 */
{
.valid = 1,
.name = "GOST94-GOST89-GOST89",
.id = 0x3000080,
.algorithm_mkey = SSL_kGOST,
.algorithm_auth = SSL_aGOST94,
.algorithm_enc = SSL_eGOST2814789CNT,
.algorithm_mac = SSL_GOST89MAC,
.algorithm_ssl = SSL_TLSV1,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|
TLS1_STREAM_MAC,
.strength_bits = 256,
.alg_bits = 256
},
/* Cipher 81 */
{
.valid = 1,
@ -781,22 +764,6 @@ SSL_CIPHER ssl3_ciphers[] = {
.alg_bits = 256
},
/* Cipher 82 */
{
.valid = 1,
.name = "GOST94-NULL-GOST94",
.id = 0x3000082,
.algorithm_mkey = SSL_kGOST,
.algorithm_auth = SSL_aGOST94,
.algorithm_enc = SSL_eNULL,
.algorithm_mac = SSL_GOST94,
.algorithm_ssl = SSL_TLSV1,
.algo_strength = SSL_STRONG_NONE,
.algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
.strength_bits = 0,
.alg_bits = 0
},
/* Cipher 83 */
{
.valid = 1,

6
lib/libssl/s3_srvr.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: s3_srvr.c,v 1.91 2014/11/18 05:33:43 miod Exp $ */
/* $OpenBSD: s3_srvr.c,v 1.92 2014/12/10 15:36:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -2134,9 +2134,7 @@ ssl3_get_client_key_exchange(SSL *s)
/* Get our certificate private key*/
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
if (alg_a & SSL_aGOST94)
pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
else if (alg_a & SSL_aGOST01)
if (alg_a & SSL_aGOST01)
pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);

5
lib/libssl/src/ssl/s3_both.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: s3_both.c,v 1.32 2014/11/16 14:12:47 jsing Exp $ */
/* $OpenBSD: s3_both.c,v 1.33 2014/12/10 15:36:46 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -542,9 +542,6 @@ ssl_cert_type(X509 *x, EVP_PKEY *pkey)
}
else if (i == EVP_PKEY_EC) {
ret = SSL_PKEY_ECC;
}
else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) {
ret = SSL_PKEY_GOST94;
} else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
ret = SSL_PKEY_GOST01;
}

4
lib/libssl/src/ssl/s3_clnt.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: s3_clnt.c,v 1.97 2014/12/06 14:24:26 jsing Exp $ */
/* $OpenBSD: s3_clnt.c,v 1.98 2014/12/10 15:36:46 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -2207,8 +2207,6 @@ ssl3_send_client_key_exchange(SSL *s)
/* Get server sertificate PKEY and create ctx from it */
peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509;
if (!peer_cert)
peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST94].x509;
if (!peer_cert) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);

35
lib/libssl/src/ssl/s3_lib.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: s3_lib.c,v 1.86 2014/12/10 14:58:56 jsing Exp $ */
/* $OpenBSD: s3_lib.c,v 1.87 2014/12/10 15:36:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -747,23 +747,6 @@ SSL_CIPHER ssl3_ciphers[] = {
/* GOST Ciphersuites */
/* Cipher 80 */
{
.valid = 1,
.name = "GOST94-GOST89-GOST89",
.id = 0x3000080,
.algorithm_mkey = SSL_kGOST,
.algorithm_auth = SSL_aGOST94,
.algorithm_enc = SSL_eGOST2814789CNT,
.algorithm_mac = SSL_GOST89MAC,
.algorithm_ssl = SSL_TLSV1,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|
TLS1_STREAM_MAC,
.strength_bits = 256,
.alg_bits = 256
},
/* Cipher 81 */
{
.valid = 1,
@ -781,22 +764,6 @@ SSL_CIPHER ssl3_ciphers[] = {
.alg_bits = 256
},
/* Cipher 82 */
{
.valid = 1,
.name = "GOST94-NULL-GOST94",
.id = 0x3000082,
.algorithm_mkey = SSL_kGOST,
.algorithm_auth = SSL_aGOST94,
.algorithm_enc = SSL_eNULL,
.algorithm_mac = SSL_GOST94,
.algorithm_ssl = SSL_TLSV1,
.algo_strength = SSL_STRONG_NONE,
.algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
.strength_bits = 0,
.alg_bits = 0
},
/* Cipher 83 */
{
.valid = 1,

6
lib/libssl/src/ssl/s3_srvr.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: s3_srvr.c,v 1.91 2014/11/18 05:33:43 miod Exp $ */
/* $OpenBSD: s3_srvr.c,v 1.92 2014/12/10 15:36:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -2134,9 +2134,7 @@ ssl3_get_client_key_exchange(SSL *s)
/* Get our certificate private key*/
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
if (alg_a & SSL_aGOST94)
pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
else if (alg_a & SSL_aGOST01)
if (alg_a & SSL_aGOST01)
pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);

3
lib/libssl/src/ssl/ssl_cert.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_cert.c,v 1.47 2014/12/06 14:24:26 jsing Exp $ */
/* $OpenBSD: ssl_cert.c,v 1.48 2014/12/10 15:36:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -167,7 +167,6 @@ ssl_cert_set_default_md(CERT *cert)
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#ifndef OPENSSL_NO_GOST
cert->pkeys[SSL_PKEY_GOST94].digest = EVP_gostr341194();
cert->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
#endif
}

17
lib/libssl/src/ssl/ssl_ciph.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_ciph.c,v 1.77 2014/12/07 12:13:06 jsing Exp $ */
/* $OpenBSD: ssl_ciph.c,v 1.78 2014/12/10 15:36:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -313,17 +313,13 @@ static const SSL_CIPHER cipher_aliases[] = {
.name = SSL_TXT_ECDSA,
.algorithm_auth = SSL_aECDSA,
},
{
.name = SSL_TXT_aGOST94,
.algorithm_auth = SSL_aGOST94,
},
{
.name = SSL_TXT_aGOST01,
.algorithm_auth = SSL_aGOST01,
},
{
.name = SSL_TXT_aGOST,
.algorithm_auth = SSL_aGOST94|SSL_aGOST01,
.algorithm_auth = SSL_aGOST01,
},
/* aliases combining key exchange and server authentication */
@ -808,12 +804,10 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
* algorithms. If they are not available disable the associated
* authentication and key exchange algorithms.
*/
if (EVP_PKEY_meth_find(NID_id_GostR3410_94) == NULL)
*auth |= SSL_aGOST94;
if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL)
if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL) {
*auth |= SSL_aGOST01;
if (((~*auth) & (SSL_aGOST94|SSL_aGOST01)) == 0)
*mkey |= SSL_kGOST;
}
#ifdef SSL_FORBID_ENULL
*enc |= SSL_eNULL;
@ -1589,9 +1583,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_aECDSA:
au = "ECDSA";
break;
case SSL_aGOST94:
au = "GOST94";
break;
case SSL_aGOST01:
au = "GOST01";
break;

9
lib/libssl/src/ssl/ssl_lib.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_lib.c,v 1.91 2014/12/10 14:58:56 jsing Exp $ */
/* $OpenBSD: ssl_lib.c,v 1.92 2014/12/10 15:36:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -2051,11 +2051,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
mask_k |= SSL_kGOST;
mask_a |= SSL_aGOST01;
}
cpk = &(c->pkeys[SSL_PKEY_GOST94]);
if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
mask_k |= SSL_kGOST;
mask_a |= SSL_aGOST94;
}
if (rsa_enc)
mask_k|=SSL_kRSA;
@ -2211,8 +2206,6 @@ ssl_get_server_send_pkey(const SSL *s)
i = SSL_PKEY_RSA_SIGN;
else
i = SSL_PKEY_RSA_ENC;
} else if (alg_a & SSL_aGOST94) {
i = SSL_PKEY_GOST94;
} else if (alg_a & SSL_aGOST01) {
i = SSL_PKEY_GOST01;
} else { /* if (alg_a & SSL_aNULL) */

8
lib/libssl/src/ssl/ssl_locl.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_locl.h,v 1.79 2014/12/06 14:24:26 jsing Exp $ */
/* $OpenBSD: ssl_locl.h,v 1.80 2014/12/10 15:36:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -266,7 +266,6 @@
#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */
#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
@ -398,9 +397,8 @@
#define SSL_PKEY_DH_RSA 3
#define SSL_PKEY_DH_DSA 4
#define SSL_PKEY_ECC 5
#define SSL_PKEY_GOST94 6
#define SSL_PKEY_GOST01 7
#define SSL_PKEY_NUM 8
#define SSL_PKEY_GOST01 6
#define SSL_PKEY_NUM 7
/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
* <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)

5
lib/libssl/src/ssl/t1_lib.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: t1_lib.c,v 1.72 2014/12/10 14:58:56 jsing Exp $ */
/* $OpenBSD: t1_lib.c,v 1.73 2014/12/10 15:36:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -2448,7 +2448,6 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
c->pkeys[SSL_PKEY_ECC].digest = NULL;
c->pkeys[SSL_PKEY_GOST94].digest = NULL;
c->pkeys[SSL_PKEY_GOST01].digest = NULL;
for (i = 0; i < dsize; i += 2) {
@ -2496,8 +2495,6 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
if (!c->pkeys[SSL_PKEY_ECC].digest)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#ifndef OPENSSL_NO_GOST
if (!c->pkeys[SSL_PKEY_GOST94].digest)
c->pkeys[SSL_PKEY_GOST94].digest = EVP_gostr341194();
if (!c->pkeys[SSL_PKEY_GOST01].digest)
c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
#endif

3
lib/libssl/ssl_cert.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_cert.c,v 1.47 2014/12/06 14:24:26 jsing Exp $ */
/* $OpenBSD: ssl_cert.c,v 1.48 2014/12/10 15:36:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -167,7 +167,6 @@ ssl_cert_set_default_md(CERT *cert)
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#ifndef OPENSSL_NO_GOST
cert->pkeys[SSL_PKEY_GOST94].digest = EVP_gostr341194();
cert->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
#endif
}

17
lib/libssl/ssl_ciph.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_ciph.c,v 1.77 2014/12/07 12:13:06 jsing Exp $ */
/* $OpenBSD: ssl_ciph.c,v 1.78 2014/12/10 15:36:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -313,17 +313,13 @@ static const SSL_CIPHER cipher_aliases[] = {
.name = SSL_TXT_ECDSA,
.algorithm_auth = SSL_aECDSA,
},
{
.name = SSL_TXT_aGOST94,
.algorithm_auth = SSL_aGOST94,
},
{
.name = SSL_TXT_aGOST01,
.algorithm_auth = SSL_aGOST01,
},
{
.name = SSL_TXT_aGOST,
.algorithm_auth = SSL_aGOST94|SSL_aGOST01,
.algorithm_auth = SSL_aGOST01,
},
/* aliases combining key exchange and server authentication */
@ -808,12 +804,10 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
* algorithms. If they are not available disable the associated
* authentication and key exchange algorithms.
*/
if (EVP_PKEY_meth_find(NID_id_GostR3410_94) == NULL)
*auth |= SSL_aGOST94;
if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL)
if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL) {
*auth |= SSL_aGOST01;
if (((~*auth) & (SSL_aGOST94|SSL_aGOST01)) == 0)
*mkey |= SSL_kGOST;
}
#ifdef SSL_FORBID_ENULL
*enc |= SSL_eNULL;
@ -1589,9 +1583,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_aECDSA:
au = "ECDSA";
break;
case SSL_aGOST94:
au = "GOST94";
break;
case SSL_aGOST01:
au = "GOST01";
break;

9
lib/libssl/ssl_lib.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_lib.c,v 1.91 2014/12/10 14:58:56 jsing Exp $ */
/* $OpenBSD: ssl_lib.c,v 1.92 2014/12/10 15:36:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -2051,11 +2051,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
mask_k |= SSL_kGOST;
mask_a |= SSL_aGOST01;
}
cpk = &(c->pkeys[SSL_PKEY_GOST94]);
if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
mask_k |= SSL_kGOST;
mask_a |= SSL_aGOST94;
}
if (rsa_enc)
mask_k|=SSL_kRSA;
@ -2211,8 +2206,6 @@ ssl_get_server_send_pkey(const SSL *s)
i = SSL_PKEY_RSA_SIGN;
else
i = SSL_PKEY_RSA_ENC;
} else if (alg_a & SSL_aGOST94) {
i = SSL_PKEY_GOST94;
} else if (alg_a & SSL_aGOST01) {
i = SSL_PKEY_GOST01;
} else { /* if (alg_a & SSL_aNULL) */

8
lib/libssl/ssl_locl.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_locl.h,v 1.79 2014/12/06 14:24:26 jsing Exp $ */
/* $OpenBSD: ssl_locl.h,v 1.80 2014/12/10 15:36:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -266,7 +266,6 @@
#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */
#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
@ -398,9 +397,8 @@
#define SSL_PKEY_DH_RSA 3
#define SSL_PKEY_DH_DSA 4
#define SSL_PKEY_ECC 5
#define SSL_PKEY_GOST94 6
#define SSL_PKEY_GOST01 7
#define SSL_PKEY_NUM 8
#define SSL_PKEY_GOST01 6
#define SSL_PKEY_NUM 7
/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
* <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)

5
lib/libssl/t1_lib.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: t1_lib.c,v 1.72 2014/12/10 14:58:56 jsing Exp $ */
/* $OpenBSD: t1_lib.c,v 1.73 2014/12/10 15:36:47 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -2448,7 +2448,6 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
c->pkeys[SSL_PKEY_ECC].digest = NULL;
c->pkeys[SSL_PKEY_GOST94].digest = NULL;
c->pkeys[SSL_PKEY_GOST01].digest = NULL;
for (i = 0; i < dsize; i += 2) {
@ -2496,8 +2495,6 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
if (!c->pkeys[SSL_PKEY_ECC].digest)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#ifndef OPENSSL_NO_GOST
if (!c->pkeys[SSL_PKEY_GOST94].digest)
c->pkeys[SSL_PKEY_GOST94].digest = EVP_gostr341194();
if (!c->pkeys[SSL_PKEY_GOST01].digest)
c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
#endif