1 files changed, 1 insertions, 85 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 1ae2d047bc..bb8e9465ba 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.248 2023/11/29 13:39:34 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.249 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -577,41 +577,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 256,
        },
-        /* GOST Ciphersuites */
-        /* Cipher 81 */
-        {
-                .valid = 1,
-                .name = "GOST2001-GOST89-GOST89",
-                .id = 0x3000081,
-                .algorithm_mkey = SSL_kGOST,
-                .algorithm_auth = SSL_aGOST01,
-                .algorithm_enc = SSL_eGOST2814789CNT,
-                .algorithm_mac = SSL_GOST89MAC,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|
-                    TLS1_STREAM_MAC,
-                .strength_bits = 256,
-                .alg_bits = 256
-        },
-        /* Cipher 83 */
-        {
-                .valid = 1,
-                .name = "GOST2001-NULL-GOST94",
-                .id = 0x3000083,
-                .algorithm_mkey = SSL_kGOST,
-                .algorithm_auth = SSL_aGOST01,
-                .algorithm_enc = SSL_eNULL,
-                .algorithm_mac = SSL_GOST94,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_STRONG_NONE,
-                .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
-                .strength_bits = 0,
-                .alg_bits = 0
-        },
 #ifndef OPENSSL_NO_CAMELLIA
        /* Camellia ciphersuites from RFC4132 (256-bit portion) */
@@ -1362,40 +1327,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 256,
        },
-        /* Cipher FF85 FIXME IANA */
-        {
-                .valid = 1,
-                .name = "GOST2012256-GOST89-GOST89",
-                .id = 0x300ff85, /* FIXME IANA */
-                .algorithm_mkey = SSL_kGOST,
-                .algorithm_auth = SSL_aGOST01,
-                .algorithm_enc = SSL_eGOST2814789CNT,
-                .algorithm_mac = SSL_GOST89MAC,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256|
-                    TLS1_STREAM_MAC,
-                .strength_bits = 256,
-                .alg_bits = 256
-        },
-        /* Cipher FF87 FIXME IANA */
-        {
-                .valid = 1,
-                .name = "GOST2012256-NULL-STREEBOG256",
-                .id = 0x300ff87, /* FIXME IANA */
-                .algorithm_mkey = SSL_kGOST,
-                .algorithm_auth = SSL_aGOST01,
-                .algorithm_enc = SSL_eNULL,
-                .algorithm_mac = SSL_STREEBOG256,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_STRONG_NONE,
-                .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256,
-                .strength_bits = 0,
-                .alg_bits = 0
-        },
        /* end of list */
 };
@@ -2668,21 +2599,6 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
        alg_k = s->s3->hs.cipher->algorithm_mkey;
-#ifndef OPENSSL_NO_GOST
-        if ((alg_k & SSL_kGOST) != 0) {
-                if (!CBB_add_u8(cbb, TLS_CT_GOST01_SIGN))
-                        return 0;
-                if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN))
-                        return 0;
-                if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN))
-                        return 0;
-                if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN_COMPAT))
-                        return 0;
-                if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN_COMPAT))
-                        return 0;
-        }
-#endif
        if ((alg_k & SSL_kDHE) != 0) {
                if (!CBB_add_u8(cbb, SSL3_CT_RSA_FIXED_DH))
                        return 0;

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 1ae2d047bc..bb8e9465ba 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.248 2023/11/29 13:39:34 tb Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.249 2024/02/03 15:58:33 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -577,41 +577,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
577	.alg_bits = 256,	577	.alg_bits = 256,
578	},	578	},
579		579
580	/* GOST Ciphersuites */
581
582	/* Cipher 81 */
583	{
584	.valid = 1,
585	.name = "GOST2001-GOST89-GOST89",
586	.id = 0x3000081,
587	.algorithm_mkey = SSL_kGOST,
588	.algorithm_auth = SSL_aGOST01,
589	.algorithm_enc = SSL_eGOST2814789CNT,
590	.algorithm_mac = SSL_GOST89MAC,
591	.algorithm_ssl = SSL_TLSV1,
592	.algo_strength = SSL_HIGH,
593	.algorithm2 = SSL_HANDSHAKE_MAC_GOST94\|TLS1_PRF_GOST94\|
594	TLS1_STREAM_MAC,
595	.strength_bits = 256,
596	.alg_bits = 256
597	},
598
599	/* Cipher 83 */
600	{
601	.valid = 1,
602	.name = "GOST2001-NULL-GOST94",
603	.id = 0x3000083,
604	.algorithm_mkey = SSL_kGOST,
605	.algorithm_auth = SSL_aGOST01,
606	.algorithm_enc = SSL_eNULL,
607	.algorithm_mac = SSL_GOST94,
608	.algorithm_ssl = SSL_TLSV1,
609	.algo_strength = SSL_STRONG_NONE,
610	.algorithm2 = SSL_HANDSHAKE_MAC_GOST94\|TLS1_PRF_GOST94,
611	.strength_bits = 0,
612	.alg_bits = 0
613	},
614
615	#ifndef OPENSSL_NO_CAMELLIA	580	#ifndef OPENSSL_NO_CAMELLIA
616	/* Camellia ciphersuites from RFC4132 (256-bit portion) */	581	/* Camellia ciphersuites from RFC4132 (256-bit portion) */
617		582
@@ -1362,40 +1327,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
1362	.alg_bits = 256,	1327	.alg_bits = 256,
1363	},	1328	},
1364		1329
1365	/* Cipher FF85 FIXME IANA */
1366	{
1367	.valid = 1,
1368	.name = "GOST2012256-GOST89-GOST89",
1369	.id = 0x300ff85, /* FIXME IANA */
1370	.algorithm_mkey = SSL_kGOST,
1371	.algorithm_auth = SSL_aGOST01,
1372	.algorithm_enc = SSL_eGOST2814789CNT,
1373	.algorithm_mac = SSL_GOST89MAC,
1374	.algorithm_ssl = SSL_TLSV1,
1375	.algo_strength = SSL_HIGH,
1376	.algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256\|TLS1_PRF_STREEBOG256\|
1377	TLS1_STREAM_MAC,
1378	.strength_bits = 256,
1379	.alg_bits = 256
1380	},
1381
1382	/* Cipher FF87 FIXME IANA */
1383	{
1384	.valid = 1,
1385	.name = "GOST2012256-NULL-STREEBOG256",
1386	.id = 0x300ff87, /* FIXME IANA */
1387	.algorithm_mkey = SSL_kGOST,
1388	.algorithm_auth = SSL_aGOST01,
1389	.algorithm_enc = SSL_eNULL,
1390	.algorithm_mac = SSL_STREEBOG256,
1391	.algorithm_ssl = SSL_TLSV1,
1392	.algo_strength = SSL_STRONG_NONE,
1393	.algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256\|TLS1_PRF_STREEBOG256,
1394	.strength_bits = 0,
1395	.alg_bits = 0
1396	},
1397
1398
1399	/* end of list */	1330	/* end of list */
1400	};	1331	};
1401		1332
@@ -2668,21 +2599,6 @@ ssl3_get_req_cert_types(SSL s, CBB cbb)
2668		2599
2669	alg_k = s->s3->hs.cipher->algorithm_mkey;	2600	alg_k = s->s3->hs.cipher->algorithm_mkey;
2670		2601
2671	#ifndef OPENSSL_NO_GOST
2672	if ((alg_k & SSL_kGOST) != 0) {
2673	if (!CBB_add_u8(cbb, TLS_CT_GOST01_SIGN))
2674	return 0;
2675	if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN))
2676	return 0;
2677	if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN))
2678	return 0;
2679	if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN_COMPAT))
2680	return 0;
2681	if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN_COMPAT))
2682	return 0;
2683	}
2684	#endif
2685
2686	if ((alg_k & SSL_kDHE) != 0) {	2602	if ((alg_k & SSL_kDHE) != 0) {
2687	if (!CBB_add_u8(cbb, SSL3_CT_RSA_FIXED_DH))	2603	if (!CBB_add_u8(cbb, SSL3_CT_RSA_FIXED_DH))
2688	return 0;	2604	return 0;