Remove STREEBOG 512 as a TLS MAC since there are currently no cipher suites

that make use of it. ok bcook@ inoguchi@
author: jsing <> 2017-02-21 15:28:27 +0000
committer: jsing <> 2017-02-21 15:28:27 +0000
commit: bbf39c51547681478cc1780b967a50a231e69774 (patch)
tree: 6cf136c9fd33f9f817232c034769b204fea65a9d /src/lib
parent: e4cef9bced16350744580abd330057344d98a9fd (diff)
download: openbsd-bbf39c51547681478cc1780b967a50a231e69774.tar.gz
openbsd-bbf39c51547681478cc1780b967a50a231e69774.tar.bz2
openbsd-bbf39c51547681478cc1780b967a50a231e69774.zip
2 files changed, 6 insertions, 26 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 9808c7c37f..3e991fa577 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.93 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.94 2017/02/21 15:28:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -176,29 +176,27 @@ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
 #define SSL_MD_SHA256_IDX 4
 #define SSL_MD_SHA384_IDX 5
 #define SSL_MD_STREEBOG256_IDX 6
-#define SSL_MD_STREEBOG512_IDX 7
 /*Constant SSL_MAX_DIGEST equal to size of digests array should be
 * defined in the
 * ssl_locl.h */
 #define SSL_MD_NUM_IDX  SSL_MAX_DIGEST
 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
-        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+        NULL, NULL, NULL, NULL, NULL, NULL, NULL,
 };
 static int  ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
        EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_GOSTIMIT,
-        EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC,
+        EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC,
 };
 static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
-        0, 0, 0, 0, 0, 0, 0, 0
+        0, 0, 0, 0, 0, 0, 0,
 };
 static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
        SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
        SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
        SSL_HANDSHAKE_MAC_SHA384, SSL_HANDSHAKE_MAC_STREEBOG256,
-        SSL_HANDSHAKE_MAC_STREEBOG512
 };
 #define CIPHER_ADD      1
@@ -436,10 +434,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                .name = SSL_TXT_STREEBOG256,
                .algorithm_mac = SSL_STREEBOG256,
        },
-        {
-                .name = SSL_TXT_STREEBOG512,
-                .algorithm_mac = SSL_STREEBOG512,
-        },
        /* protocol version aliases */
        {
@@ -531,10 +525,6 @@ ssl_load_ciphers(void)
            EVP_get_digestbyname(SN_id_tc26_gost3411_2012_256);
        ssl_mac_secret_size[SSL_MD_STREEBOG256_IDX] =
            EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG256_IDX]);
-        ssl_digest_methods[SSL_MD_STREEBOG512_IDX] =
-            EVP_get_digestbyname(SN_id_tc26_gost3411_2012_512);
-        ssl_mac_secret_size[SSL_MD_STREEBOG512_IDX] =
-            EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG512_IDX]);
 }
 int
@@ -631,9 +621,6 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
        case SSL_STREEBOG256:
                i = SSL_MD_STREEBOG256_IDX;
                break;
-        case SSL_STREEBOG512:
-                i = SSL_MD_STREEBOG512_IDX;
-                break;
        default:
                i = -1;
                break;
@@ -814,8 +801,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
        *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0;
        *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL) ? SSL_GOST89MAC : 0;
        *mac |= (ssl_digest_methods[SSL_MD_STREEBOG256_IDX] == NULL) ? SSL_STREEBOG256 : 0;
-        *mac |= (ssl_digest_methods[SSL_MD_STREEBOG512_IDX] == NULL) ? SSL_STREEBOG512 : 0;
 }
 static void
@@ -1671,9 +1656,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_STREEBOG256:
                mac = "STREEBOG256";
                break;
-        case SSL_STREEBOG512:
-                mac = "STREEBOG512";
-                break;
        default:
                mac = "unknown";
                break;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index a64edd2c18..62d9d0314e 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.173 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.174 2017/02/21 15:28:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -250,7 +250,6 @@ __BEGIN_HIDDEN_DECLS
 /* Not a real MAC, just an indication it is part of cipher */
 #define SSL_AEAD                0x00000040L
 #define SSL_STREEBOG256         0x00000080L
-#define SSL_STREEBOG512         0x00000100L
 /* Bits for algorithm_ssl (protocol version) */
 #define SSL_SSLV3               0x00000002L
@@ -266,12 +265,11 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_HANDSHAKE_MAC_SHA256 0x80
 #define SSL_HANDSHAKE_MAC_SHA384 0x100
 #define SSL_HANDSHAKE_MAC_STREEBOG256 0x200
-#define SSL_HANDSHAKE_MAC_STREEBOG512 0x400
 #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
 /* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
 * make sure to update this constant too */
-#define SSL_MAX_DIGEST 8
+#define SSL_MAX_DIGEST 7
 #define SSL3_CK_ID              0x03000000
 #define SSL3_CK_VALUE_MASK      0x0000ffff
author	jsing <>	2017-02-21 15:28:27 +0000
committer	jsing <>	2017-02-21 15:28:27 +0000
commit	bbf39c51547681478cc1780b967a50a231e69774 (patch)
tree	6cf136c9fd33f9f817232c034769b204fea65a9d /src/lib
parent	e4cef9bced16350744580abd330057344d98a9fd (diff)
download	openbsd-bbf39c51547681478cc1780b967a50a231e69774.tar.gz openbsd-bbf39c51547681478cc1780b967a50a231e69774.tar.bz2 openbsd-bbf39c51547681478cc1780b967a50a231e69774.zip