diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c index 752bac6c946..0d9cc3d65ca 100644 --- a/lib/libssl/s3_both.c +++ b/lib/libssl/s3_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_both.c,v 1.32 2014/11/16 14:12:47 jsing Exp $ */ +/* $OpenBSD: s3_both.c,v 1.33 2014/12/10 15:36:46 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -542,9 +542,6 @@ ssl_cert_type(X509 *x, EVP_PKEY *pkey) } else if (i == EVP_PKEY_EC) { ret = SSL_PKEY_ECC; - } - else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) { - ret = SSL_PKEY_GOST94; } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) { ret = SSL_PKEY_GOST01; } diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index b3dbe327458..6a54dfa359f 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.97 2014/12/06 14:24:26 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.98 2014/12/10 15:36:46 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2207,8 +2207,6 @@ ssl3_send_client_key_exchange(SSL *s) /* Get server sertificate PKEY and create ctx from it */ peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509; - if (!peer_cert) - peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST94].x509; if (!peer_cert) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 9897fba6c56..4beee2d53c4 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.86 2014/12/10 14:58:56 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.87 2014/12/10 15:36:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -747,23 +747,6 @@ SSL_CIPHER ssl3_ciphers[] = { /* GOST Ciphersuites */ - /* Cipher 80 */ - { - .valid = 1, - .name = "GOST94-GOST89-GOST89", - .id = 0x3000080, - .algorithm_mkey = SSL_kGOST, - .algorithm_auth = SSL_aGOST94, - .algorithm_enc = SSL_eGOST2814789CNT, - .algorithm_mac = SSL_GOST89MAC, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94| - TLS1_STREAM_MAC, - .strength_bits = 256, - .alg_bits = 256 - }, - /* Cipher 81 */ { .valid = 1, @@ -781,22 +764,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256 }, - /* Cipher 82 */ - { - .valid = 1, - .name = "GOST94-NULL-GOST94", - .id = 0x3000082, - .algorithm_mkey = SSL_kGOST, - .algorithm_auth = SSL_aGOST94, - .algorithm_enc = SSL_eNULL, - .algorithm_mac = SSL_GOST94, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_STRONG_NONE, - .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, - .strength_bits = 0, - .alg_bits = 0 - }, - /* Cipher 83 */ { .valid = 1, diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index e1b2f9cf2dd..43880a0610c 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.91 2014/11/18 05:33:43 miod Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.92 2014/12/10 15:36:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2134,9 +2134,7 @@ ssl3_get_client_key_exchange(SSL *s) /* Get our certificate private key*/ alg_a = s->s3->tmp.new_cipher->algorithm_auth; - if (alg_a & SSL_aGOST94) - pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey; - else if (alg_a & SSL_aGOST01) + if (alg_a & SSL_aGOST01) pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; pkey_ctx = EVP_PKEY_CTX_new(pk, NULL); diff --git a/lib/libssl/src/ssl/s3_both.c b/lib/libssl/src/ssl/s3_both.c index 752bac6c946..0d9cc3d65ca 100644 --- a/lib/libssl/src/ssl/s3_both.c +++ b/lib/libssl/src/ssl/s3_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_both.c,v 1.32 2014/11/16 14:12:47 jsing Exp $ */ +/* $OpenBSD: s3_both.c,v 1.33 2014/12/10 15:36:46 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -542,9 +542,6 @@ ssl_cert_type(X509 *x, EVP_PKEY *pkey) } else if (i == EVP_PKEY_EC) { ret = SSL_PKEY_ECC; - } - else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) { - ret = SSL_PKEY_GOST94; } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) { ret = SSL_PKEY_GOST01; } diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index b3dbe327458..6a54dfa359f 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.97 2014/12/06 14:24:26 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.98 2014/12/10 15:36:46 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2207,8 +2207,6 @@ ssl3_send_client_key_exchange(SSL *s) /* Get server sertificate PKEY and create ctx from it */ peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509; - if (!peer_cert) - peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST94].x509; if (!peer_cert) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index 9897fba6c56..4beee2d53c4 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.86 2014/12/10 14:58:56 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.87 2014/12/10 15:36:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -747,23 +747,6 @@ SSL_CIPHER ssl3_ciphers[] = { /* GOST Ciphersuites */ - /* Cipher 80 */ - { - .valid = 1, - .name = "GOST94-GOST89-GOST89", - .id = 0x3000080, - .algorithm_mkey = SSL_kGOST, - .algorithm_auth = SSL_aGOST94, - .algorithm_enc = SSL_eGOST2814789CNT, - .algorithm_mac = SSL_GOST89MAC, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94| - TLS1_STREAM_MAC, - .strength_bits = 256, - .alg_bits = 256 - }, - /* Cipher 81 */ { .valid = 1, @@ -781,22 +764,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256 }, - /* Cipher 82 */ - { - .valid = 1, - .name = "GOST94-NULL-GOST94", - .id = 0x3000082, - .algorithm_mkey = SSL_kGOST, - .algorithm_auth = SSL_aGOST94, - .algorithm_enc = SSL_eNULL, - .algorithm_mac = SSL_GOST94, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_STRONG_NONE, - .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, - .strength_bits = 0, - .alg_bits = 0 - }, - /* Cipher 83 */ { .valid = 1, diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index e1b2f9cf2dd..43880a0610c 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.91 2014/11/18 05:33:43 miod Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.92 2014/12/10 15:36:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2134,9 +2134,7 @@ ssl3_get_client_key_exchange(SSL *s) /* Get our certificate private key*/ alg_a = s->s3->tmp.new_cipher->algorithm_auth; - if (alg_a & SSL_aGOST94) - pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey; - else if (alg_a & SSL_aGOST01) + if (alg_a & SSL_aGOST01) pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; pkey_ctx = EVP_PKEY_CTX_new(pk, NULL); diff --git a/lib/libssl/src/ssl/ssl_cert.c b/lib/libssl/src/ssl/ssl_cert.c index 8f830d990ab..323421f5dbc 100644 --- a/lib/libssl/src/ssl/ssl_cert.c +++ b/lib/libssl/src/ssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.47 2014/12/06 14:24:26 jsing Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.48 2014/12/10 15:36:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -167,7 +167,6 @@ ssl_cert_set_default_md(CERT *cert) cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); #ifndef OPENSSL_NO_GOST - cert->pkeys[SSL_PKEY_GOST94].digest = EVP_gostr341194(); cert->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194(); #endif } diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c index 72f774e7a93..1d7b4145eb5 100644 --- a/lib/libssl/src/ssl/ssl_ciph.c +++ b/lib/libssl/src/ssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.77 2014/12/07 12:13:06 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.78 2014/12/10 15:36:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -313,17 +313,13 @@ static const SSL_CIPHER cipher_aliases[] = { .name = SSL_TXT_ECDSA, .algorithm_auth = SSL_aECDSA, }, - { - .name = SSL_TXT_aGOST94, - .algorithm_auth = SSL_aGOST94, - }, { .name = SSL_TXT_aGOST01, .algorithm_auth = SSL_aGOST01, }, { .name = SSL_TXT_aGOST, - .algorithm_auth = SSL_aGOST94|SSL_aGOST01, + .algorithm_auth = SSL_aGOST01, }, /* aliases combining key exchange and server authentication */ @@ -808,12 +804,10 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, * algorithms. If they are not available disable the associated * authentication and key exchange algorithms. */ - if (EVP_PKEY_meth_find(NID_id_GostR3410_94) == NULL) - *auth |= SSL_aGOST94; - if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL) + if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL) { *auth |= SSL_aGOST01; - if (((~*auth) & (SSL_aGOST94|SSL_aGOST01)) == 0) *mkey |= SSL_kGOST; + } #ifdef SSL_FORBID_ENULL *enc |= SSL_eNULL; @@ -1589,9 +1583,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_aECDSA: au = "ECDSA"; break; - case SSL_aGOST94: - au = "GOST94"; - break; case SSL_aGOST01: au = "GOST01"; break; diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c index a03ee735ada..4369ba587a3 100644 --- a/lib/libssl/src/ssl/ssl_lib.c +++ b/lib/libssl/src/ssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.91 2014/12/10 14:58:56 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.92 2014/12/10 15:36:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2051,11 +2051,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) mask_k |= SSL_kGOST; mask_a |= SSL_aGOST01; } - cpk = &(c->pkeys[SSL_PKEY_GOST94]); - if (cpk->x509 != NULL && cpk->privatekey !=NULL) { - mask_k |= SSL_kGOST; - mask_a |= SSL_aGOST94; - } if (rsa_enc) mask_k|=SSL_kRSA; @@ -2211,8 +2206,6 @@ ssl_get_server_send_pkey(const SSL *s) i = SSL_PKEY_RSA_SIGN; else i = SSL_PKEY_RSA_ENC; - } else if (alg_a & SSL_aGOST94) { - i = SSL_PKEY_GOST94; } else if (alg_a & SSL_aGOST01) { i = SSL_PKEY_GOST01; } else { /* if (alg_a & SSL_aNULL) */ diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index dcc17963ee5..b94249e9db6 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.79 2014/12/06 14:24:26 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.80 2014/12/10 15:36:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -266,7 +266,6 @@ #define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */ #define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */ #define SSL_aECDSA 0x00000040L /* ECDSA auth*/ -#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */ #define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ @@ -398,9 +397,8 @@ #define SSL_PKEY_DH_RSA 3 #define SSL_PKEY_DH_DSA 4 #define SSL_PKEY_ECC 5 -#define SSL_PKEY_GOST94 6 -#define SSL_PKEY_GOST01 7 -#define SSL_PKEY_NUM 8 +#define SSL_PKEY_GOST01 6 +#define SSL_PKEY_NUM 7 /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c index 5df45ab3598..3b87d958cb7 100644 --- a/lib/libssl/src/ssl/t1_lib.c +++ b/lib/libssl/src/ssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.72 2014/12/10 14:58:56 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.73 2014/12/10 15:36:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2448,7 +2448,6 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; c->pkeys[SSL_PKEY_ECC].digest = NULL; - c->pkeys[SSL_PKEY_GOST94].digest = NULL; c->pkeys[SSL_PKEY_GOST01].digest = NULL; for (i = 0; i < dsize; i += 2) { @@ -2496,8 +2495,6 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) if (!c->pkeys[SSL_PKEY_ECC].digest) c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); #ifndef OPENSSL_NO_GOST - if (!c->pkeys[SSL_PKEY_GOST94].digest) - c->pkeys[SSL_PKEY_GOST94].digest = EVP_gostr341194(); if (!c->pkeys[SSL_PKEY_GOST01].digest) c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194(); #endif diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c index 8f830d990ab..323421f5dbc 100644 --- a/lib/libssl/ssl_cert.c +++ b/lib/libssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.47 2014/12/06 14:24:26 jsing Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.48 2014/12/10 15:36:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -167,7 +167,6 @@ ssl_cert_set_default_md(CERT *cert) cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); #ifndef OPENSSL_NO_GOST - cert->pkeys[SSL_PKEY_GOST94].digest = EVP_gostr341194(); cert->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194(); #endif } diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index 72f774e7a93..1d7b4145eb5 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.77 2014/12/07 12:13:06 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.78 2014/12/10 15:36:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -313,17 +313,13 @@ static const SSL_CIPHER cipher_aliases[] = { .name = SSL_TXT_ECDSA, .algorithm_auth = SSL_aECDSA, }, - { - .name = SSL_TXT_aGOST94, - .algorithm_auth = SSL_aGOST94, - }, { .name = SSL_TXT_aGOST01, .algorithm_auth = SSL_aGOST01, }, { .name = SSL_TXT_aGOST, - .algorithm_auth = SSL_aGOST94|SSL_aGOST01, + .algorithm_auth = SSL_aGOST01, }, /* aliases combining key exchange and server authentication */ @@ -808,12 +804,10 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, * algorithms. If they are not available disable the associated * authentication and key exchange algorithms. */ - if (EVP_PKEY_meth_find(NID_id_GostR3410_94) == NULL) - *auth |= SSL_aGOST94; - if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL) + if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL) { *auth |= SSL_aGOST01; - if (((~*auth) & (SSL_aGOST94|SSL_aGOST01)) == 0) *mkey |= SSL_kGOST; + } #ifdef SSL_FORBID_ENULL *enc |= SSL_eNULL; @@ -1589,9 +1583,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_aECDSA: au = "ECDSA"; break; - case SSL_aGOST94: - au = "GOST94"; - break; case SSL_aGOST01: au = "GOST01"; break; diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index a03ee735ada..4369ba587a3 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.91 2014/12/10 14:58:56 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.92 2014/12/10 15:36:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2051,11 +2051,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) mask_k |= SSL_kGOST; mask_a |= SSL_aGOST01; } - cpk = &(c->pkeys[SSL_PKEY_GOST94]); - if (cpk->x509 != NULL && cpk->privatekey !=NULL) { - mask_k |= SSL_kGOST; - mask_a |= SSL_aGOST94; - } if (rsa_enc) mask_k|=SSL_kRSA; @@ -2211,8 +2206,6 @@ ssl_get_server_send_pkey(const SSL *s) i = SSL_PKEY_RSA_SIGN; else i = SSL_PKEY_RSA_ENC; - } else if (alg_a & SSL_aGOST94) { - i = SSL_PKEY_GOST94; } else if (alg_a & SSL_aGOST01) { i = SSL_PKEY_GOST01; } else { /* if (alg_a & SSL_aNULL) */ diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index dcc17963ee5..b94249e9db6 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.79 2014/12/06 14:24:26 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.80 2014/12/10 15:36:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -266,7 +266,6 @@ #define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */ #define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */ #define SSL_aECDSA 0x00000040L /* ECDSA auth*/ -#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */ #define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ @@ -398,9 +397,8 @@ #define SSL_PKEY_DH_RSA 3 #define SSL_PKEY_DH_DSA 4 #define SSL_PKEY_ECC 5 -#define SSL_PKEY_GOST94 6 -#define SSL_PKEY_GOST01 7 -#define SSL_PKEY_NUM 8 +#define SSL_PKEY_GOST01 6 +#define SSL_PKEY_NUM 7 /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 5df45ab3598..3b87d958cb7 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.72 2014/12/10 14:58:56 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.73 2014/12/10 15:36:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2448,7 +2448,6 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; c->pkeys[SSL_PKEY_ECC].digest = NULL; - c->pkeys[SSL_PKEY_GOST94].digest = NULL; c->pkeys[SSL_PKEY_GOST01].digest = NULL; for (i = 0; i < dsize; i += 2) { @@ -2496,8 +2495,6 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) if (!c->pkeys[SSL_PKEY_ECC].digest) c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); #ifndef OPENSSL_NO_GOST - if (!c->pkeys[SSL_PKEY_GOST94].digest) - c->pkeys[SSL_PKEY_GOST94].digest = EVP_gostr341194(); if (!c->pkeys[SSL_PKEY_GOST01].digest) c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194(); #endif