From 1434a91c4d4dc782915ce81dd056fa8f6cb77ae1 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 10 Dec 2014 15:36:47 +0000
Subject: Remove support for GOST R 34.10-94 signature authentication, along with the two ciphersuites that use it. GOST94 public/private keys have been long obsoleted and libcrypto does not have support for them anyway. Discussed with Dmitry Eremin-Solenikov.
---
 src/lib/libssl/ssl_ciph.c | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)
(limited to 'src/lib/libssl/ssl_ciph.c')
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 72f774e7a9..1d7b4145eb 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.77 2014/12/07 12:13:06 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.78 2014/12/10 15:36:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -313,17 +313,13 @@ static const SSL_CIPHER cipher_aliases[] = {
 .name = SSL_TXT_ECDSA,
 .algorithm_auth = SSL_aECDSA,
 },
- {
- .name = SSL_TXT_aGOST94,
- .algorithm_auth = SSL_aGOST94,
- },
 {
 .name = SSL_TXT_aGOST01,
 .algorithm_auth = SSL_aGOST01,
 },
 {
 .name = SSL_TXT_aGOST,
- .algorithm_auth = SSL_aGOST94|SSL_aGOST01,
+ .algorithm_auth = SSL_aGOST01,
 },
 /* aliases combining key exchange and server authentication */
@@ -808,12 +804,10 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
 * algorithms. If they are not available disable the associated
 * authentication and key exchange algorithms.
 */
- if (EVP_PKEY_meth_find(NID_id_GostR3410_94) == NULL)
- *auth |= SSL_aGOST94;
- if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL)
+ if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL) {
 *auth |= SSL_aGOST01;
- if (((~*auth) & (SSL_aGOST94|SSL_aGOST01)) == 0)
 *mkey |= SSL_kGOST;
+ }
 #ifdef SSL_FORBID_ENULL
 *enc |= SSL_eNULL;
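Review bot: In `cipher_aliases[]` the `SSL_TXT_aGOST` entry now carries exactly `SSL_aGOST01`, so it selects the same set as the `SSL_TXT_aGOST01` entry directly above it, and nothing says the duplicate is deliberate. A one-line comment such as `/* aGOST kept for cipher-string compatibility; same set as aGOST01 now that GOST94 is gone */` would stop a later cleanup from dropping it. Removing the `SSL_TXT_aGOST94` entry also means that keyword no longer resolves in a cipher string. How the rule parser treats an unknown keyword is outside this hunk, so configurations that name it (for example in an exclusion) should be checked rather than assumed unaffected. The table begins and ends outside the hunk.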
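Review bot: In `ssl_cipher_get_disabled`, `*mkey |= SSL_kGOST` now depends only on the GOST R 34.10-2001 method being absent, and the visible comment lines do not say why key exchange is tied to that one method. I would add `/* GOST R 34.10-2001 is the only remaining GOST authentication; without it no kGOST suite is usable */` inside the new braces. This coupling is only safe if no suite with `SSL_aGOST94` remains in the cipher table, because such a suite would no longer be masked through `*auth` here. The commit message says both suites are removed, but this page is limited to ssl_ciph.c, so that should be confirmed in the file that defines them. The function begins and ends outside the hunk.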
@@ -1589,9 +1583,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 case SSL_aECDSA:
 au = "ECDSA";
 break;
- case SSL_aGOST94:
- au = "GOST94";
- break;
 case SSL_aGOST01:
 au = "GOST01";
 break;
-- cgit v1.2.3-55-g6feb