authorbeck <>2024-02-03 15:58:34 +0000
committerbeck <>2024-02-03 15:58:34 +0000
commitfeaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3 (patch)
treedc1f0834366a35df8a6de61e2722798629d7c4c2 /src/lib/libssl/ssl_sigalgs.c
parenta931b9fe4c471545a30c6975c303fa27abc695af (diff)
Remove GOST and STREEBOG support from libssl.
This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful. At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here. This removes it from libssl in preparation for its removal from libcrypto with a future major bump. ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_sigalgs.c')
-rw-r--r--src/lib/libssl/ssl_sigalgs.c28
1 files changed, 1 insertions, 27 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index f59beb4320..9876e82a6f 100644
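--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.48 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.49 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -41,14 +41,6 @@ const struct ssl_sigalg sigalgs[] = {
  .security_level = 5,
  .group_nid = NID_secp521r1,
  },
-#ifndef OPENSSL_NO_GOST
- {
- .value = SIGALG_GOSTR12_512_STREEBOG_512,
- .key_type = EVP_PKEY_GOSTR12_512,
- .md = EVP_streebog512,
- .security_level = 0,
- },
-#endif
  {
  .value = SIGALG_RSA_PKCS1_SHA384,
  .key_type = EVP_PKEY_RSA,
@@ -75,20 +67,6 @@ const struct ssl_sigalg sigalgs[] = {
  .security_level = 3,
  .group_nid = NID_X9_62_prime256v1,
  },
-#ifndef OPENSSL_NO_GOST
- {
- .value = SIGALG_GOSTR12_256_STREEBOG_256,
- .key_type = EVP_PKEY_GOSTR12_256,
- .md = EVP_streebog256,
- .security_level = 0,
- },
- {
- .value = SIGALG_GOSTR01_GOST94,
- .key_type = EVP_PKEY_GOSTR01,
- .md = EVP_gostr341194,
- .security_level = 0, /* XXX */
- },
-#endif
  {
  .value = SIGALG_RSA_PSS_RSAE_SHA256,
  .key_type = EVP_PKEY_RSA,
@@ -283,10 +261,6 @@ ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
  return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
  case EVP_PKEY_EC:
  return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
-#ifndef OPENSSL_NO_GOST
- case EVP_PKEY_GOSTR01:
- return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
-#endif
  }
  SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
  return NULL;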