authorbeck <>2024-02-03 15:58:34 +0000
committerbeck <>2024-02-03 15:58:34 +0000
commitfeaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3 (patch)
treedc1f0834366a35df8a6de61e2722798629d7c4c2 /src/lib/libssl/ssl_local.h
parenta931b9fe4c471545a30c6975c303fa27abc695af (diff)
Remove GOST and STREEBOG support from libssl.
This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful. At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here. This removes it from libssl in preparation for its removal from libcrypto with a future major bump ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_local.h')
-rw-r--r--src/lib/libssl/ssl_local.h20
1 files changed, 2 insertions, 18 deletions
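--- a/src/lib/libssl/ssl_local.h
+++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.12 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.13 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -197,7 +197,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_kRSA 0x00000001L /* RSA key exchange */
 #define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
 #define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
-#define SSL_kGOST 0x00000200L /* GOST key exchange */
 #define SSL_kTLS1_3 0x00000400L /* TLSv1.3 key exchange */
 
 /* Bits for algorithm_auth (server authentication) */
@@ -205,7 +204,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_aDSS 0x00000002L /* DSS auth */
 #define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
 #define SSL_aECDSA 0x00000040L /* ECDSA auth*/
-#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
 #define SSL_aTLS1_3 0x00000400L /* TLSv1.3 authentication */
 
 /* Bits for algorithm_enc (symmetric encryption) */
@@ -218,7 +216,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_AES256 0x00000040L
 #define SSL_CAMELLIA128 0x00000080L
 #define SSL_CAMELLIA256 0x00000100L
-#define SSL_eGOST2814789CNT 0x00000200L
 #define SSL_AES128GCM 0x00000400L
 #define SSL_AES256GCM 0x00000800L
 #define SSL_CHACHA20POLY1305 0x00001000L
@@ -231,8 +228,6 @@ __BEGIN_HIDDEN_DECLS
 
 #define SSL_MD5 0x00000001L
 #define SSL_SHA1 0x00000002L
-#define SSL_GOST94 0x00000004L
-#define SSL_GOST89MAC 0x00000008L
 #define SSL_SHA256 0x00000010L
 #define SSL_SHA384 0x00000020L
 /* Not a real MAC, just an indication it is part of cipher */
@@ -251,10 +246,8 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_HANDSHAKE_MAC_MASK 0xff0
 #define SSL_HANDSHAKE_MAC_MD5 0x010
 #define SSL_HANDSHAKE_MAC_SHA 0x020
-#define SSL_HANDSHAKE_MAC_GOST94 0x040
 #define SSL_HANDSHAKE_MAC_SHA256 0x080
 #define SSL_HANDSHAKE_MAC_SHA384 0x100
-#define SSL_HANDSHAKE_MAC_STREEBOG256 0x200
 #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
 
 #define SSL3_CK_ID 0x03000000
@@ -267,17 +260,9 @@ __BEGIN_HIDDEN_DECLS
 #define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_STREEBOG256 (SSL_HANDSHAKE_MAC_STREEBOG256 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
 
 /*
- * Stream MAC for GOST ciphersuites from cryptopro draft
- * (currently this also goes into algorithm2).
- */
-#define TLS1_STREAM_MAC 0x04
-
-/*
  * SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD is an algorithm2 flag that
  * indicates that the variable part of the nonce is included as a prefix of
  * the record (AES-GCM, for example, does this with an 8-byte variable nonce.)
@@ -324,8 +309,7 @@ __BEGIN_HIDDEN_DECLS
 
 #define SSL_PKEY_RSA 0
 #define SSL_PKEY_ECC 1
-#define SSL_PKEY_GOST01 2
-#define SSL_PKEY_NUM 3
+#define SSL_PKEY_NUM 2
 
 #define SSL_MAX_EMPTY_RECORDS 32
 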
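Review bot: `SSL_PKEY_NUM` drops from 3 to 2 in the last hunk, so any table dimensioned by `SSL_PKEY_NUM` loses the slot that `SSL_PKEY_GOST01` used to index; the compiler will reject leftover uses of the removed macro, but it will not catch a literal index of 2 or a loop that still assumes three entries, so those sites (in other files, outside this diff) need a grep rather than just a build. The removal also leaves 0x00000200L unassigned in all three of the `SSL_k*`, `SSL_a*` and `SSL_e*` bit sets, and 0x040 and 0x200 unassigned within `SSL_HANDSHAKE_MAC_MASK`; a short marker at each gap, e.g. `/* 0x00000200L unassigned (formerly GOST) */`, would make it clear the holes are deliberate and stop a later addition from filling them by accident while old out-of-tree cipher tables may still carry the value. The `TLS1_STREAM_MAC` removal is consistent with the rest, assuming its algorithm2 users in the cipher table are dropped in the companion commits.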