Remove GOST and STREEBOG support from libssl.

This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful. At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here. This removes it from libssl in preparation for it's removal from libcrypto with a future major bump ok tb@
author: beck <> 2024-02-03 15:58:34 +0000
committer: beck <> 2024-02-03 15:58:34 +0000
commit: feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3 (patch)
tree: dc1f0834366a35df8a6de61e2722798629d7c4c2 /src/lib/libssl/ssl_ciph.c
parent: a931b9fe4c471545a30c6975c303fa27abc695af (diff)
download: openbsd-feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3.tar.gz
openbsd-feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3.tar.bz2
openbsd-feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3.zip
1 files changed, 6 insertions, 101 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index cea4d3e6f4..76a3840520 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.138 2024/01/04 20:02:10 tb Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.139 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -212,10 +212,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                .name = SSL_TXT_ECDH,
                .algorithm_mkey = SSL_kECDHE,
        },
-        {
-                .name = SSL_TXT_kGOST,
-                .algorithm_mkey = SSL_kGOST,
-        },
        /* server authentication aliases */
        {
@@ -242,14 +238,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                .name = SSL_TXT_ECDSA,
                .algorithm_auth = SSL_aECDSA,
        },
-        {
-                .name = SSL_TXT_aGOST01,
-                .algorithm_auth = SSL_aGOST01,
-        },
-        {
-                .name = SSL_TXT_aGOST,
-                .algorithm_auth = SSL_aGOST01,
-        },
        /* aliases combining key exchange and server authentication */
        {
@@ -356,14 +344,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                .algorithm_mac = SSL_SHA1,
        },
        {
-                .name = SSL_TXT_GOST94,
-                .algorithm_mac = SSL_GOST94,
-        },
-        {
-                .name = SSL_TXT_GOST89MAC,
-                .algorithm_mac = SSL_GOST89MAC,
-        },
-        {
                .name = SSL_TXT_SHA256,
                .algorithm_mac = SSL_SHA256,
        },
@@ -371,10 +351,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                .name = SSL_TXT_SHA384,
                .algorithm_mac = SSL_SHA384,
        },
-        {
-                .name = SSL_TXT_STREEBOG256,
-                .algorithm_mac = SSL_STREEBOG256,
-        },
        /* protocol version aliases */
        {
@@ -472,11 +448,6 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
        case SSL_CAMELLIA256:
                *enc = EVP_camellia_256_cbc();
                break;
-#ifndef OPENSSL_NO_GOST
-        case SSL_eGOST2814789CNT:
-                *enc = EVP_gost2814789_cnt();
-                break;
-#endif
        }
        switch (ss->cipher->algorithm_mac) {
@@ -492,21 +463,11 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
        case SSL_SHA384:
                *md = EVP_sha384();
                break;
-#ifndef OPENSSL_NO_GOST
-        case SSL_GOST89MAC:
-                *md = EVP_gost2814789imit();
-                break;
-        case SSL_GOST94:
-                *md = EVP_gostr341194();
-                break;
-        case SSL_STREEBOG256:
-                *md = EVP_streebog256();
-                break;
-#endif
        }
        if (*enc == NULL || *md == NULL)
                return 0;
+        /* XXX remove these from ssl_cipher_get_evp? */
        /*
         * EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE ciphers are not
         * supported via EVP_CIPHER (they should be using EVP_AEAD instead).
@@ -515,18 +476,9 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
                return 0;
        if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE)
                return 0;
-#ifndef OPENSSL_NO_GOST
-        /* XXX JFC. die in fire already */
+        *mac_pkey_type = EVP_PKEY_HMAC;
-        if (ss->cipher->algorithm_mac == SSL_GOST89MAC) {
+        *mac_secret_size = EVP_MD_size(*md);
-                *mac_pkey_type = EVP_PKEY_GOSTIMIT;
-                *mac_secret_size = 32; /* XXX */
-        } else {
-#endif
-                *mac_pkey_type = EVP_PKEY_HMAC;
-                *mac_secret_size = EVP_MD_size(*md);
-#ifndef OPENSSL_NO_GOST
-        }
-#endif
        return 1;
 }
@@ -581,14 +533,6 @@ ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
        case SSL_HANDSHAKE_MAC_DEFAULT:
                *md = EVP_md5_sha1();
                return 1;
-#ifndef OPENSSL_NO_GOST
-        case SSL_HANDSHAKE_MAC_GOST94:
-                *md = EVP_gostr341194();
-                return 1;
-        case SSL_HANDSHAKE_MAC_STREEBOG256:
-                *md = EVP_streebog256();
-                return 1;
-#endif
        case SSL_HANDSHAKE_MAC_SHA256:
                *md = EVP_sha256();
                return 1;
@@ -641,6 +585,7 @@ ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
        *head = curr;
 }
+/* XXX beck: remove this in a followon to removing GOST */
 static void
 ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
    unsigned long *enc, unsigned long *mac, unsigned long *ssl)
@@ -651,16 +596,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
        *mac = 0;
        *ssl = 0;
-        /*
-         * Check for the availability of GOST 34.10 public/private key
-         * algorithms. If they are not available disable the associated
-         * authentication and key exchange algorithms.
-         */
-#if defined(OPENSSL_NO_GOST) || !defined(EVP_PKEY_GOSTR01)
-        *auth |= SSL_aGOST01;
-        *mkey |= SSL_kGOST;
-#endif
 #ifdef SSL_FORBID_ENULL
        *enc |= SSL_eNULL;
 #endif
@@ -1455,9 +1390,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_kECDHE:
                kx = "ECDH";
                break;
-        case SSL_kGOST:
-                kx = "GOST";
-                break;
        case SSL_kTLS1_3:
                kx = "TLSv1.3";
                break;
@@ -1478,9 +1410,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_aECDSA:
                au = "ECDSA";
                break;
-        case SSL_aGOST01:
-                au = "GOST01";
-                break;
        case SSL_aTLS1_3:
                au = "TLSv1.3";
                break;
@@ -1520,9 +1449,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_CHACHA20POLY1305:
                enc = "ChaCha20-Poly1305";
                break;
-        case SSL_eGOST2814789CNT:
-                enc = "GOST-28178-89-CNT";
-                break;
        default:
                enc = "unknown";
                break;
@@ -1544,15 +1470,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_AEAD:
                mac = "AEAD";
                break;
-        case SSL_GOST94:
-                mac = "GOST94";
-                break;
-        case SSL_GOST89MAC:
-                mac = "GOST89IMIT";
-                break;
-        case SSL_STREEBOG256:
-                mac = "STREEBOG256";
-                break;
        default:
                mac = "unknown";
                break;
@@ -1666,8 +1583,6 @@ SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
                return NID_des_cbc;
        case SSL_RC4:
                return NID_rc4;
-        case SSL_eGOST2814789CNT:
-                return NID_gost89_cnt;
        default:
                return NID_undef;
        }
@@ -1680,10 +1595,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
        switch (c->algorithm_mac) {
        case SSL_AEAD:
                return NID_undef;
-        case SSL_GOST89MAC:
-                return NID_id_Gost28147_89_MAC;
-        case SSL_GOST94:
-                return NID_id_GostR3411_94;
        case SSL_MD5:
                return NID_md5;
        case SSL_SHA1:
@@ -1692,8 +1603,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
                return NID_sha256;
        case SSL_SHA384:
                return NID_sha384;
-        case SSL_STREEBOG256:
-                return NID_id_tc26_gost3411_2012_256;
        default:
                return NID_undef;
        }
@@ -1708,8 +1617,6 @@ SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
                return NID_kx_dhe;
        case SSL_kECDHE:
                return NID_kx_ecdhe;
-        case SSL_kGOST:
-                return NID_kx_gost;
        case SSL_kRSA:
                return NID_kx_rsa;
        default:
@@ -1726,8 +1633,6 @@ SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
                return NID_auth_null;
        case SSL_aECDSA:
                return NID_auth_ecdsa;
-        case SSL_aGOST01:
-                return NID_auth_gost01;
        case SSL_aRSA:
                return NID_auth_rsa;
        default:
author	beck <>	2024-02-03 15:58:34 +0000
committer	beck <>	2024-02-03 15:58:34 +0000
commit	feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3 (patch)
tree	dc1f0834366a35df8a6de61e2722798629d7c4c2 /src/lib/libssl/ssl_ciph.c
parent	a931b9fe4c471545a30c6975c303fa27abc695af (diff)
download	openbsd-feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3.tar.gz openbsd-feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3.tar.bz2 openbsd-feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3.zip

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index cea4d3e6f4..76a3840520 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_ciph.c,v 1.138 2024/01/04 20:02:10 tb Exp $ */	1	/* $OpenBSD: ssl_ciph.c,v 1.139 2024/02/03 15:58:33 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -212,10 +212,6 @@ static const SSL_CIPHER cipher_aliases[] = {
212	.name = SSL_TXT_ECDH,	212	.name = SSL_TXT_ECDH,
213	.algorithm_mkey = SSL_kECDHE,	213	.algorithm_mkey = SSL_kECDHE,
214	},	214	},
215	{
216	.name = SSL_TXT_kGOST,
217	.algorithm_mkey = SSL_kGOST,
218	},
219		215
220	/* server authentication aliases */	216	/* server authentication aliases */
221	{	217	{
@@ -242,14 +238,6 @@ static const SSL_CIPHER cipher_aliases[] = {
242	.name = SSL_TXT_ECDSA,	238	.name = SSL_TXT_ECDSA,
243	.algorithm_auth = SSL_aECDSA,	239	.algorithm_auth = SSL_aECDSA,
244	},	240	},
245	{
246	.name = SSL_TXT_aGOST01,
247	.algorithm_auth = SSL_aGOST01,
248	},
249	{
250	.name = SSL_TXT_aGOST,
251	.algorithm_auth = SSL_aGOST01,
252	},
253		241
254	/* aliases combining key exchange and server authentication */	242	/* aliases combining key exchange and server authentication */
255	{	243	{
@@ -356,14 +344,6 @@ static const SSL_CIPHER cipher_aliases[] = {
356	.algorithm_mac = SSL_SHA1,	344	.algorithm_mac = SSL_SHA1,
357	},	345	},
358	{	346	{
359	.name = SSL_TXT_GOST94,
360	.algorithm_mac = SSL_GOST94,
361	},
362	{
363	.name = SSL_TXT_GOST89MAC,
364	.algorithm_mac = SSL_GOST89MAC,
365	},
366	{
367	.name = SSL_TXT_SHA256,	347	.name = SSL_TXT_SHA256,
368	.algorithm_mac = SSL_SHA256,	348	.algorithm_mac = SSL_SHA256,
369	},	349	},
@@ -371,10 +351,6 @@ static const SSL_CIPHER cipher_aliases[] = {
371	.name = SSL_TXT_SHA384,	351	.name = SSL_TXT_SHA384,
372	.algorithm_mac = SSL_SHA384,	352	.algorithm_mac = SSL_SHA384,
373	},	353	},
374	{
375	.name = SSL_TXT_STREEBOG256,
376	.algorithm_mac = SSL_STREEBOG256,
377	},
378		354
379	/* protocol version aliases */	355	/* protocol version aliases */
380	{	356	{
@@ -472,11 +448,6 @@ ssl_cipher_get_evp(const SSL_SESSION ss, const EVP_CIPHER *enc,
472	case SSL_CAMELLIA256:	448	case SSL_CAMELLIA256:
473	*enc = EVP_camellia_256_cbc();	449	*enc = EVP_camellia_256_cbc();
474	break;	450	break;
475	#ifndef OPENSSL_NO_GOST
476	case SSL_eGOST2814789CNT:
477	*enc = EVP_gost2814789_cnt();
478	break;
479	#endif
480	}	451	}
481		452
482	switch (ss->cipher->algorithm_mac) {	453	switch (ss->cipher->algorithm_mac) {
@@ -492,21 +463,11 @@ ssl_cipher_get_evp(const SSL_SESSION ss, const EVP_CIPHER *enc,
492	case SSL_SHA384:	463	case SSL_SHA384:
493	*md = EVP_sha384();	464	*md = EVP_sha384();
494	break;	465	break;
495	#ifndef OPENSSL_NO_GOST
496	case SSL_GOST89MAC:
497	*md = EVP_gost2814789imit();
498	break;
499	case SSL_GOST94:
500	*md = EVP_gostr341194();
501	break;
502	case SSL_STREEBOG256:
503	*md = EVP_streebog256();
504	break;
505	#endif
506	}	466	}
507	if (enc == NULL \|\| md == NULL)	467	if (enc == NULL \|\| md == NULL)
508	return 0;	468	return 0;
509		469
		470	/* XXX remove these from ssl_cipher_get_evp? */
510	/*	471	/*
511	* EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE ciphers are not	472	* EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE ciphers are not
512	* supported via EVP_CIPHER (they should be using EVP_AEAD instead).	473	* supported via EVP_CIPHER (they should be using EVP_AEAD instead).
@@ -515,18 +476,9 @@ ssl_cipher_get_evp(const SSL_SESSION ss, const EVP_CIPHER *enc,
515	return 0;	476	return 0;
516	if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE)	477	if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE)
517	return 0;	478	return 0;
518	#ifndef OPENSSL_NO_GOST	479
519	/* XXX JFC. die in fire already */	480	*mac_pkey_type = EVP_PKEY_HMAC;
520	if (ss->cipher->algorithm_mac == SSL_GOST89MAC) {	481	mac_secret_size = EVP_MD_size(md);
521	*mac_pkey_type = EVP_PKEY_GOSTIMIT;
522	mac_secret_size = 32; / XXX */
523	} else {
524	#endif
525	*mac_pkey_type = EVP_PKEY_HMAC;
526	mac_secret_size = EVP_MD_size(md);
527	#ifndef OPENSSL_NO_GOST
528	}
529	#endif
530	return 1;	482	return 1;
531	}	483	}
532		484
@@ -581,14 +533,6 @@ ssl_get_handshake_evp_md(SSL s, const EVP_MD *md)
581	case SSL_HANDSHAKE_MAC_DEFAULT:	533	case SSL_HANDSHAKE_MAC_DEFAULT:
582	*md = EVP_md5_sha1();	534	*md = EVP_md5_sha1();
583	return 1;	535	return 1;
584	#ifndef OPENSSL_NO_GOST
585	case SSL_HANDSHAKE_MAC_GOST94:
586	*md = EVP_gostr341194();
587	return 1;
588	case SSL_HANDSHAKE_MAC_STREEBOG256:
589	*md = EVP_streebog256();
590	return 1;
591	#endif
592	case SSL_HANDSHAKE_MAC_SHA256:	536	case SSL_HANDSHAKE_MAC_SHA256:
593	*md = EVP_sha256();	537	*md = EVP_sha256();
594	return 1;	538	return 1;
@@ -641,6 +585,7 @@ ll_append_head(CIPHER_ORDER *head, CIPHER_ORDER curr,
641	*head = curr;	585	*head = curr;
642	}	586	}
643		587
		588	/* XXX beck: remove this in a followon to removing GOST */
644	static void	589	static void
645	ssl_cipher_get_disabled(unsigned long mkey, unsigned long auth,	590	ssl_cipher_get_disabled(unsigned long mkey, unsigned long auth,
646	unsigned long enc, unsigned long mac, unsigned long *ssl)	591	unsigned long enc, unsigned long mac, unsigned long *ssl)
@@ -651,16 +596,6 @@ ssl_cipher_get_disabled(unsigned long mkey, unsigned long auth,
651	*mac = 0;	596	*mac = 0;
652	*ssl = 0;	597	*ssl = 0;
653		598
654	/*
655	* Check for the availability of GOST 34.10 public/private key
656	* algorithms. If they are not available disable the associated
657	* authentication and key exchange algorithms.
658	*/
659	#if defined(OPENSSL_NO_GOST) \|\| !defined(EVP_PKEY_GOSTR01)
660	*auth \|= SSL_aGOST01;
661	*mkey \|= SSL_kGOST;
662	#endif
663
664	#ifdef SSL_FORBID_ENULL	599	#ifdef SSL_FORBID_ENULL
665	*enc \|= SSL_eNULL;	600	*enc \|= SSL_eNULL;
666	#endif	601	#endif
@@ -1455,9 +1390,6 @@ SSL_CIPHER_description(const SSL_CIPHER cipher, char buf, int len)
1455	case SSL_kECDHE:	1390	case SSL_kECDHE:
1456	kx = "ECDH";	1391	kx = "ECDH";
1457	break;	1392	break;
1458	case SSL_kGOST:
1459	kx = "GOST";
1460	break;
1461	case SSL_kTLS1_3:	1393	case SSL_kTLS1_3:
1462	kx = "TLSv1.3";	1394	kx = "TLSv1.3";
1463	break;	1395	break;
@@ -1478,9 +1410,6 @@ SSL_CIPHER_description(const SSL_CIPHER cipher, char buf, int len)
1478	case SSL_aECDSA:	1410	case SSL_aECDSA:
1479	au = "ECDSA";	1411	au = "ECDSA";
1480	break;	1412	break;
1481	case SSL_aGOST01:
1482	au = "GOST01";
1483	break;
1484	case SSL_aTLS1_3:	1413	case SSL_aTLS1_3:
1485	au = "TLSv1.3";	1414	au = "TLSv1.3";
1486	break;	1415	break;
@@ -1520,9 +1449,6 @@ SSL_CIPHER_description(const SSL_CIPHER cipher, char buf, int len)
1520	case SSL_CHACHA20POLY1305:	1449	case SSL_CHACHA20POLY1305:
1521	enc = "ChaCha20-Poly1305";	1450	enc = "ChaCha20-Poly1305";
1522	break;	1451	break;
1523	case SSL_eGOST2814789CNT:
1524	enc = "GOST-28178-89-CNT";
1525	break;
1526	default:	1452	default:
1527	enc = "unknown";	1453	enc = "unknown";
1528	break;	1454	break;
@@ -1544,15 +1470,6 @@ SSL_CIPHER_description(const SSL_CIPHER cipher, char buf, int len)
1544	case SSL_AEAD:	1470	case SSL_AEAD:
1545	mac = "AEAD";	1471	mac = "AEAD";
1546	break;	1472	break;
1547	case SSL_GOST94:
1548	mac = "GOST94";
1549	break;
1550	case SSL_GOST89MAC:
1551	mac = "GOST89IMIT";
1552	break;
1553	case SSL_STREEBOG256:
1554	mac = "STREEBOG256";
1555	break;
1556	default:	1473	default:
1557	mac = "unknown";	1474	mac = "unknown";
1558	break;	1475	break;
@@ -1666,8 +1583,6 @@ SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
1666	return NID_des_cbc;	1583	return NID_des_cbc;
1667	case SSL_RC4:	1584	case SSL_RC4:
1668	return NID_rc4;	1585	return NID_rc4;
1669	case SSL_eGOST2814789CNT:
1670	return NID_gost89_cnt;
1671	default:	1586	default:
1672	return NID_undef;	1587	return NID_undef;
1673	}	1588	}
@@ -1680,10 +1595,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
1680	switch (c->algorithm_mac) {	1595	switch (c->algorithm_mac) {
1681	case SSL_AEAD:	1596	case SSL_AEAD:
1682	return NID_undef;	1597	return NID_undef;
1683	case SSL_GOST89MAC:
1684	return NID_id_Gost28147_89_MAC;
1685	case SSL_GOST94:
1686	return NID_id_GostR3411_94;
1687	case SSL_MD5:	1598	case SSL_MD5:
1688	return NID_md5;	1599	return NID_md5;
1689	case SSL_SHA1:	1600	case SSL_SHA1:
@@ -1692,8 +1603,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
1692	return NID_sha256;	1603	return NID_sha256;
1693	case SSL_SHA384:	1604	case SSL_SHA384:
1694	return NID_sha384;	1605	return NID_sha384;
1695	case SSL_STREEBOG256:
1696	return NID_id_tc26_gost3411_2012_256;
1697	default:	1606	default:
1698	return NID_undef;	1607	return NID_undef;
1699	}	1608	}
@@ -1708,8 +1617,6 @@ SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
1708	return NID_kx_dhe;	1617	return NID_kx_dhe;
1709	case SSL_kECDHE:	1618	case SSL_kECDHE:
1710	return NID_kx_ecdhe;	1619	return NID_kx_ecdhe;
1711	case SSL_kGOST:
1712	return NID_kx_gost;
1713	case SSL_kRSA:	1620	case SSL_kRSA:
1714	return NID_kx_rsa;	1621	return NID_kx_rsa;
1715	default:	1622	default:
@@ -1726,8 +1633,6 @@ SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
1726	return NID_auth_null;	1633	return NID_auth_null;
1727	case SSL_aECDSA:	1634	case SSL_aECDSA:
1728	return NID_auth_ecdsa;	1635	return NID_auth_ecdsa;
1729	case SSL_aGOST01:
1730	return NID_auth_gost01;
1731	case SSL_aRSA:	1636	case SSL_aRSA:
1732	return NID_auth_rsa;	1637	return NID_auth_rsa;
1733	default:	1638	default: