| author | jsing <> | 2014-12-10 15:36:47 +0000 |
|---|---|---|
| committer | jsing <> | 2014-12-10 15:36:47 +0000 |
| commit | 091bf547974906c9be5137a27f2db864521aaa69 (patch) | |
| tree | 8f2441ed940045edc4ad4d11ab3d8395f2830a78 /src/lib/libssl/ssl_ciph.c | |
| parent | 72ac14b2bd5b2397707e53cef778b9da5af1498f (diff) | |
Remove support for GOST R 34.10-94 signature authentication, along with
the two ciphersuites that use it. GOST94 public/private keys have been
long obsoleted and libcrypto does not have support for them anyway.
Discussed with Dmitry Eremin-Solenikov.
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 17 |
1 files changed, 4 insertions, 13 deletions
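diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 72f774e7a9..1d7b4145eb 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.77 2014/12/07 12:13:06 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.78 2014/12/10 15:36:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -314,16 +314,12 @@ static const SSL_CIPHER cipher_aliases[] = {
 .algorithm_auth = SSL_aECDSA,
 },
 {
-.name = SSL_TXT_aGOST94,
-.algorithm_auth = SSL_aGOST94,
-},
-{
 .name = SSL_TXT_aGOST01,
 .algorithm_auth = SSL_aGOST01,
 },
 {
 .name = SSL_TXT_aGOST,
-.algorithm_auth = SSL_aGOST94|SSL_aGOST01,
+.algorithm_auth = SSL_aGOST01,
 },
 
 /* aliases combining key exchange and server authentication */
@@ -808,12 +804,10 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
 * algorithms. If they are not available disable the associated
 * authentication and key exchange algorithms.
 */
-if (EVP_PKEY_meth_find(NID_id_GostR3410_94) == NULL)
-*auth |= SSL_aGOST94;
-if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL)
+if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL) {
 *auth |= SSL_aGOST01;
-if (((~*auth) & (SSL_aGOST94|SSL_aGOST01)) == 0)
 *mkey |= SSL_kGOST;
+}
 
 #ifdef SSL_FORBID_ENULL
 *enc |= SSL_eNULL;
@@ -1589,9 +1583,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 case SSL_aECDSA:
 au = "ECDSA";
 break;
-case SSL_aGOST94:
-au = "GOST94";
-break;
 case SSL_aGOST01:
 au = "GOST01";
 break;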
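Review bot: In `cipher_aliases[]`, the `SSL_TXT_aGOST` entry now carries `.algorithm_auth = SSL_aGOST01`, which makes it an exact duplicate of the `SSL_TXT_aGOST01` entry just above it, and nothing in the table says this is intentional. A one-line comment on that entry would record it, for example `/* aGOST is retained as a cipher-string alias; it now selects only GOST R 34.10-2001 */`. Cipher strings in deployed configurations that name the removed `SSL_TXT_aGOST94` keyword will no longer match an alias. How the rule parser treats an unknown keyword is not visible on this page, so it is worth confirming that such a string still yields the intended cipher list rather than an error a caller might ignore. The array definition starts and ends outside the hunk.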
