diff options
| author |   jsing <jsing@openbsd.org> | 2014-12-10 15:36:46 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2014-12-10 15:36:46 +0000 |
| commit | 829c9983835882d17ba9edba19f49ebc0fc4186e (patch) | |
| tree | 7ad8709f781116a7a6fb21045e30a4ed14a61b95 /lib/libssl/ssl_lib.c | |
| parent | retire shutdown hooks; ok deraadt, krw (diff) | |
| download | wireguard-openbsd-829c9983835882d17ba9edba19f49ebc0fc4186e.tar.xz wireguard-openbsd-829c9983835882d17ba9edba19f49ebc0fc4186e.zip | |
Remove support for GOST R 34.10-94 signature authentication, along with
the two ciphersuites that use it. GOST94 public/private keys have been
long obsoleted and libcrypto does not have support for them anyway.
Discussed with Dmitry Eremin-Solenikov.
Diffstat (limited to 'lib/libssl/ssl_lib.c')
| -rw-r--r-- | lib/libssl/ssl_lib.c | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index a03ee735ada..4369ba587a3 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.91 2014/12/10 14:58:56 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.92 2014/12/10 15:36:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2051,11 +2051,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) mask_k |= SSL_kGOST; mask_a |= SSL_aGOST01; } - cpk = &(c->pkeys[SSL_PKEY_GOST94]); - if (cpk->x509 != NULL && cpk->privatekey !=NULL) { - mask_k |= SSL_kGOST; - mask_a |= SSL_aGOST94; - } if (rsa_enc) mask_k|=SSL_kRSA; @@ -2211,8 +2206,6 @@ ssl_get_server_send_pkey(const SSL *s) i = SSL_PKEY_RSA_SIGN; else i = SSL_PKEY_RSA_ENC; - } else if (alg_a & SSL_aGOST94) { - i = SSL_PKEY_GOST94; } else if (alg_a & SSL_aGOST01) { i = SSL_PKEY_GOST01; } else { /* if (alg_a & SSL_aNULL) */ |