author | beck <> | 2024-02-03 15:58:34 +0000 |
committer | beck <> | 2024-02-03 15:58:34 +0000 |
commit | feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3 (patch) | |
tree | dc1f0834366a35df8a6de61e2722798629d7c4c2 /src/lib/libssl/ssl_local.h | |
parent | a931b9fe4c471545a30c6975c303fa27abc695af (diff) | |
Remove GOST and STREEBOG support from libssl.
This version of GOST is old and not anywhere close to compliant with
modern GOST standards. It is also very intrusive in libssl and
makes a mess everywhere. Efforts to entice a suitably minded anyone
to care about it have been unsuccessful.
At this point it is probably best to remove this, and if someone
ever showed up who truly needed a working version, it should be
a clean implementation from scratch, and have it use something
closer to the typical API in libcrypto so it would integrate less
painfully here.
This removes it from libssl in preparation for its removal from
libcrypto with a future major bump
ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_local.h')
-rw-r--r-- | src/lib/libssl/ssl_local.h | 20 |
1 files changed, 2 insertions, 18 deletions
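--- a/src/lib/libssl/ssl_local.h
+++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.12 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.13 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -197,7 +197,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_kRSA 0x00000001L /* RSA key exchange */
 #define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
 #define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
-#define SSL_kGOST 0x00000200L /* GOST key exchange */
 #define SSL_kTLS1_3 0x00000400L /* TLSv1.3 key exchange */
 
 /* Bits for algorithm_auth (server authentication) */
@@ -205,7 +204,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_aDSS 0x00000002L /* DSS auth */
 #define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
 #define SSL_aECDSA 0x00000040L /* ECDSA auth*/
-#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
 #define SSL_aTLS1_3 0x00000400L /* TLSv1.3 authentication */
 
 /* Bits for algorithm_enc (symmetric encryption) */
@@ -218,7 +216,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_AES256 0x00000040L
 #define SSL_CAMELLIA128 0x00000080L
 #define SSL_CAMELLIA256 0x00000100L
-#define SSL_eGOST2814789CNT 0x00000200L
 #define SSL_AES128GCM 0x00000400L
 #define SSL_AES256GCM 0x00000800L
 #define SSL_CHACHA20POLY1305 0x00001000L
@@ -231,8 +228,6 @@ __BEGIN_HIDDEN_DECLS
 
 #define SSL_MD5 0x00000001L
 #define SSL_SHA1 0x00000002L
-#define SSL_GOST94 0x00000004L
-#define SSL_GOST89MAC 0x00000008L
 #define SSL_SHA256 0x00000010L
 #define SSL_SHA384 0x00000020L
 /* Not a real MAC, just an indication it is part of cipher */
@@ -251,10 +246,8 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_HANDSHAKE_MAC_MASK 0xff0
 #define SSL_HANDSHAKE_MAC_MD5 0x010
 #define SSL_HANDSHAKE_MAC_SHA 0x020
-#define SSL_HANDSHAKE_MAC_GOST94 0x040
 #define SSL_HANDSHAKE_MAC_SHA256 0x080
 #define SSL_HANDSHAKE_MAC_SHA384 0x100
-#define SSL_HANDSHAKE_MAC_STREEBOG256 0x200
 #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
 
 #define SSL3_CK_ID 0x03000000
@@ -267,17 +260,9 @@ __BEGIN_HIDDEN_DECLS
 #define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_STREEBOG256 (SSL_HANDSHAKE_MAC_STREEBOG256 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
 
 /*
- * Stream MAC for GOST ciphersuites from cryptopro draft
- * (currently this also goes into algorithm2).
- */
-#define TLS1_STREAM_MAC 0x04
-
-/*
  * SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD is an algorithm2 flag that
  * indicates that the variable part of the nonce is included as a prefix of
  * the record (AES-GCM, for example, does this with an 8-byte variable nonce.)
@@ -324,8 +309,7 @@ __BEGIN_HIDDEN_DECLS
 
 #define SSL_PKEY_RSA 0
 #define SSL_PKEY_ECC 1
-#define SSL_PKEY_GOST01 2
-#define SSL_PKEY_NUM 3
+#define SSL_PKEY_NUM 2
 
 #define SSL_MAX_EMPTY_RECORDS 32
 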