Remove support for GOST R 34.10-94 signature authentication, along with

the two ciphersuites that use it. GOST94 public/private keys have been
long obsoleted and libcrypto does not have support for them anyway.

Discussed with Dmitry Eremin-Solenikov.

1 files changed, 1 insertions, 4 deletions

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 5df45ab359..3b87d958cb 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.72 2014/12/10 14:58:56 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.73 2014/12/10 15:36:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2448,7 +2448,6 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
         c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
         c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
         c->pkeys[SSL_PKEY_ECC].digest = NULL;
-        c->pkeys[SSL_PKEY_GOST94].digest = NULL;
         c->pkeys[SSL_PKEY_GOST01].digest = NULL;
 
         for (i = 0; i < dsize; i += 2) {
@@ -2496,8 +2495,6 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
         if (!c->pkeys[SSL_PKEY_ECC].digest)
                 c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #ifndef OPENSSL_NO_GOST
-        if (!c->pkeys[SSL_PKEY_GOST94].digest)
-                c->pkeys[SSL_PKEY_GOST94].digest = EVP_gostr341194();
         if (!c->pkeys[SSL_PKEY_GOST01].digest)
                 c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
 #endif