Remove STREEBOG 512 as a TLS MAC since there are currently no cipher suites

that make use of it.

ok bcook@ inoguchi@

1 files changed, 4 insertions, 22 deletions

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 9808c7c37f..3e991fa577 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.93 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.94 2017/02/21 15:28:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -176,29 +176,27 @@ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
 #define SSL_MD_SHA256_IDX 4
 #define SSL_MD_SHA384_IDX 5
 #define SSL_MD_STREEBOG256_IDX 6
-#define SSL_MD_STREEBOG512_IDX 7
 /*Constant SSL_MAX_DIGEST equal to size of digests array should be
  * defined in the
  * ssl_locl.h */
 #define SSL_MD_NUM_IDX  SSL_MAX_DIGEST
 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
-        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+        NULL, NULL, NULL, NULL, NULL, NULL, NULL,
 };
 
 static int  ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
         EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_GOSTIMIT,
-        EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC,
+        EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC,
 };
 
 static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
-        0, 0, 0, 0, 0, 0, 0, 0
+        0, 0, 0, 0, 0, 0, 0,
 };
 
 static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
         SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
         SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
         SSL_HANDSHAKE_MAC_SHA384, SSL_HANDSHAKE_MAC_STREEBOG256,
-        SSL_HANDSHAKE_MAC_STREEBOG512
 };
 
 #define CIPHER_ADD      1
@@ -436,10 +434,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                 .name = SSL_TXT_STREEBOG256,
                 .algorithm_mac = SSL_STREEBOG256,
         },
-        {
-                .name = SSL_TXT_STREEBOG512,
-                .algorithm_mac = SSL_STREEBOG512,
-        },
 
         /* protocol version aliases */
         {
@@ -531,10 +525,6 @@ ssl_load_ciphers(void)
             EVP_get_digestbyname(SN_id_tc26_gost3411_2012_256);
         ssl_mac_secret_size[SSL_MD_STREEBOG256_IDX] =
             EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG256_IDX]);
-        ssl_digest_methods[SSL_MD_STREEBOG512_IDX] =
-            EVP_get_digestbyname(SN_id_tc26_gost3411_2012_512);
-        ssl_mac_secret_size[SSL_MD_STREEBOG512_IDX] =
-            EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG512_IDX]);
 }
 
 int
@@ -631,9 +621,6 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
         case SSL_STREEBOG256:
                 i = SSL_MD_STREEBOG256_IDX;
                 break;
-        case SSL_STREEBOG512:
-                i = SSL_MD_STREEBOG512_IDX;
-                break;
         default:
                 i = -1;
                 break;
@@ -814,8 +801,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
         *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0;
         *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL) ? SSL_GOST89MAC : 0;
         *mac |= (ssl_digest_methods[SSL_MD_STREEBOG256_IDX] == NULL) ? SSL_STREEBOG256 : 0;
-        *mac |= (ssl_digest_methods[SSL_MD_STREEBOG512_IDX] == NULL) ? SSL_STREEBOG512 : 0;
-
 }
 
 static void
@@ -1671,9 +1656,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_STREEBOG256:
                 mac = "STREEBOG256";
                 break;
-        case SSL_STREEBOG512:
-                mac = "STREEBOG512";
-                break;
         default:
                 mac = "unknown";
                 break;