diff options
| author |   jsing <jsing@openbsd.org> | 2017-02-21 15:28:27 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2017-02-21 15:28:27 +0000 |
| commit | ccd431c4a4b7c07e10cfcf435157be1fa1cd35e1 (patch) | |
| tree | 62cfc6b12713e6f16580ec309f7489e74bfa13ba /lib/libssl/ssl_ciph.c | |
| parent | update to unbound-1.6.1 release; only version string changes compared to (diff) | |
| download | wireguard-openbsd-ccd431c4a4b7c07e10cfcf435157be1fa1cd35e1.tar.xz wireguard-openbsd-ccd431c4a4b7c07e10cfcf435157be1fa1cd35e1.zip | |
Remove STREEBOG 512 as a TLS MAC since there are currently no cipher suites
that make use of it.
ok bcook@ inoguchi@
Diffstat (limited to 'lib/libssl/ssl_ciph.c')
| -rw-r--r-- | lib/libssl/ssl_ciph.c | 26 |
1 files changed, 4 insertions, 22 deletions
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index 9808c7c37fc..3e991fa5772 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.93 2017/02/07 02:08:38 beck Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.94 2017/02/21 15:28:27 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -176,29 +176,27 @@ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { #define SSL_MD_SHA256_IDX 4 #define SSL_MD_SHA384_IDX 5 #define SSL_MD_STREEBOG256_IDX 6 -#define SSL_MD_STREEBOG512_IDX 7 /*Constant SSL_MAX_DIGEST equal to size of digests array should be * defined in the * ssl_locl.h */ #define SSL_MD_NUM_IDX SSL_MAX_DIGEST static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, }; static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_GOSTIMIT, - EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, + EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, }; static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { - 0, 0, 0, 0, 0, 0, 0, 0 + 0, 0, 0, 0, 0, 0, 0, }; static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, SSL_HANDSHAKE_MAC_SHA384, SSL_HANDSHAKE_MAC_STREEBOG256, - SSL_HANDSHAKE_MAC_STREEBOG512 }; #define CIPHER_ADD 1 @@ -436,10 +434,6 @@ static const SSL_CIPHER cipher_aliases[] = { .name = SSL_TXT_STREEBOG256, .algorithm_mac = SSL_STREEBOG256, }, - { - .name = SSL_TXT_STREEBOG512, - .algorithm_mac = SSL_STREEBOG512, - }, /* protocol version aliases */ { @@ -531,10 +525,6 @@ ssl_load_ciphers(void) EVP_get_digestbyname(SN_id_tc26_gost3411_2012_256); ssl_mac_secret_size[SSL_MD_STREEBOG256_IDX] = EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG256_IDX]); - ssl_digest_methods[SSL_MD_STREEBOG512_IDX] = - EVP_get_digestbyname(SN_id_tc26_gost3411_2012_512); - ssl_mac_secret_size[SSL_MD_STREEBOG512_IDX] = - EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG512_IDX]); } int @@ -631,9 +621,6 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, case SSL_STREEBOG256: i = SSL_MD_STREEBOG256_IDX; break; - case SSL_STREEBOG512: - i = SSL_MD_STREEBOG512_IDX; - break; default: i = -1; break; @@ -814,8 +801,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL) ? SSL_GOST89MAC : 0; *mac |= (ssl_digest_methods[SSL_MD_STREEBOG256_IDX] == NULL) ? SSL_STREEBOG256 : 0; - *mac |= (ssl_digest_methods[SSL_MD_STREEBOG512_IDX] == NULL) ? SSL_STREEBOG512 : 0; - } static void @@ -1671,9 +1656,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_STREEBOG256: mac = "STREEBOG256"; break; - case SSL_STREEBOG512: - mac = "STREEBOG512"; - break; default: mac = "unknown"; break; |