Remove GOST and STREEBOG support from libssl.

This version of GOST is old and not anywhere close to compliant with
modern GOST standards. It is also very intrusive in libssl and
makes a mess everywhere.  Efforts to entice a suitably minded anyone
to care about it have been unsuccessful.

At this point it is probably best to remove this, and if someone
ever showed up who truly needed a working version, it should be
a clean implementation from scratch, and have it use something
closer to the typical API in libcrypto so it would integrate less
painfully here.

This removes it from libssl in preparation for it's removal from
libcrypto with a future major bump

ok tb@

diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 1ae2d04..bb8e946 100644 (file)
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.248 2023/11/29 13:39:34 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.249 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -577,41 +577,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 256,
        },
 
-       /* GOST Ciphersuites */
-
-       /* Cipher 81 */
-       {
-               .valid = 1,
-               .name = "GOST2001-GOST89-GOST89",
-               .id = 0x3000081,
-               .algorithm_mkey = SSL_kGOST,
-               .algorithm_auth = SSL_aGOST01,
-               .algorithm_enc = SSL_eGOST2814789CNT,
-               .algorithm_mac = SSL_GOST89MAC,
-               .algorithm_ssl = SSL_TLSV1,
-               .algo_strength = SSL_HIGH,
-               .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|
-                   TLS1_STREAM_MAC,
-               .strength_bits = 256,
-               .alg_bits = 256
-       },
-
-       /* Cipher 83 */
-       {
-               .valid = 1,
-               .name = "GOST2001-NULL-GOST94",
-               .id = 0x3000083,
-               .algorithm_mkey = SSL_kGOST,
-               .algorithm_auth = SSL_aGOST01,
-               .algorithm_enc = SSL_eNULL,
-               .algorithm_mac = SSL_GOST94,
-               .algorithm_ssl = SSL_TLSV1,
-               .algo_strength = SSL_STRONG_NONE,
-               .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
-               .strength_bits = 0,
-               .alg_bits = 0
-       },
-
 #ifndef OPENSSL_NO_CAMELLIA
        /* Camellia ciphersuites from RFC4132 (256-bit portion) */
 
@@ -1362,40 +1327,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 256,
        },
 
-       /* Cipher FF85 FIXME IANA */
-       {
-               .valid = 1,
-               .name = "GOST2012256-GOST89-GOST89",
-               .id = 0x300ff85, /* FIXME IANA */
-               .algorithm_mkey = SSL_kGOST,
-               .algorithm_auth = SSL_aGOST01,
-               .algorithm_enc = SSL_eGOST2814789CNT,
-               .algorithm_mac = SSL_GOST89MAC,
-               .algorithm_ssl = SSL_TLSV1,
-               .algo_strength = SSL_HIGH,
-               .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256|
-                   TLS1_STREAM_MAC,
-               .strength_bits = 256,
-               .alg_bits = 256
-       },
-
-       /* Cipher FF87 FIXME IANA */
-       {
-               .valid = 1,
-               .name = "GOST2012256-NULL-STREEBOG256",
-               .id = 0x300ff87, /* FIXME IANA */
-               .algorithm_mkey = SSL_kGOST,
-               .algorithm_auth = SSL_aGOST01,
-               .algorithm_enc = SSL_eNULL,
-               .algorithm_mac = SSL_STREEBOG256,
-               .algorithm_ssl = SSL_TLSV1,
-               .algo_strength = SSL_STRONG_NONE,
-               .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256,
-               .strength_bits = 0,
-               .alg_bits = 0
-       },
-
-
        /* end of list */
 };
 
@@ -2668,21 +2599,6 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
 
        alg_k = s->s3->hs.cipher->algorithm_mkey;
 
-#ifndef OPENSSL_NO_GOST
-       if ((alg_k & SSL_kGOST) != 0) {
-               if (!CBB_add_u8(cbb, TLS_CT_GOST01_SIGN))
-                       return 0;
-               if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN))
-                       return 0;
-               if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN))
-                       return 0;
-               if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN_COMPAT))
-                       return 0;
-               if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN_COMPAT))
-                       return 0;
-       }
-#endif
-
        if ((alg_k & SSL_kDHE) != 0) {
                if (!CBB_add_u8(cbb, SSL3_CT_RSA_FIXED_DH))
                        return 0;

diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 8d65a1e..03a5a80 100644 (file)
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.232 2023/11/22 15:43:42 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.233 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -245,7 +245,6 @@ extern "C" {
 #define SSL_TXT_kECDH          "kECDH"
 #define SSL_TXT_kEECDH         "kEECDH"
 #define SSL_TXT_kPSK            "kPSK"
-#define SSL_TXT_kGOST          "kGOST"
 #define SSL_TXT_kSRP           "kSRP"
 
 #define        SSL_TXT_aRSA            "aRSA"
@@ -255,9 +254,6 @@ extern "C" {
 #define SSL_TXT_aKRB5          "aKRB5"
 #define SSL_TXT_aECDSA         "aECDSA"
 #define SSL_TXT_aPSK            "aPSK"
-#define SSL_TXT_aGOST94                "aGOST94"
-#define SSL_TXT_aGOST01                "aGOST01"
-#define SSL_TXT_aGOST          "aGOST"
 
 #define        SSL_TXT_DSS             "DSS"
 #define SSL_TXT_DH             "DH"
@@ -293,12 +289,8 @@ extern "C" {
 #define SSL_TXT_MD5            "MD5"
 #define SSL_TXT_SHA1           "SHA1"
 #define SSL_TXT_SHA            "SHA" /* same as "SHA1" */
-#define SSL_TXT_GOST94         "GOST94"
-#define SSL_TXT_GOST89MAC              "GOST89MAC"
 #define SSL_TXT_SHA256         "SHA256"
 #define SSL_TXT_SHA384         "SHA384"
-#define SSL_TXT_STREEBOG256            "STREEBOG256"
-#define SSL_TXT_STREEBOG512            "STREEBOG512"
 
 #define SSL_TXT_DTLS1          "DTLSv1"
 #define SSL_TXT_DTLS1_2                "DTLSv1.2"
@@ -2176,7 +2168,6 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_CLIENT_CERT_METHOD                     331
 #define SSL_R_NO_CLIENT_CERT_RECEIVED                   186
 #define SSL_R_NO_COMPRESSION_SPECIFIED                  187
-#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER          330
 #define SSL_R_NO_METHOD_SPECIFIED                       188
 #define SSL_R_NO_PRIVATEKEY                             189
 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED                   190

diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h
index 6c6cc2a..603d9cc 100644 (file)
--- a/lib/libssl/ssl3.h
+++ b/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.57 2021/09/10 14:49:13 tb Exp $ */
+/* $OpenBSD: ssl3.h,v 1.58 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -325,7 +325,7 @@ extern "C" {
  * enough to contain all of the cert types defined either for
  * SSLv3 and TLSv1.
  */
-#define SSL3_CT_NUMBER                 13
+#define SSL3_CT_NUMBER                 7
 
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS      0x0001
 #define TLS1_FLAGS_SKIP_CERT_VERIFY            0x0010

diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c
index 14d9aa8..995f1c4 100644 (file)
--- a/lib/libssl/ssl_both.c
+++ b/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.46 2023/07/07 08:53:55 tb Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.47 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -384,9 +384,6 @@ ssl_cert_type(EVP_PKEY *pkey)
        switch (EVP_PKEY_id(pkey)) {
        case EVP_PKEY_EC:
                return SSL_PKEY_ECC;
-       case NID_id_GostR3410_2001:
-       case NID_id_GostR3410_2001_cc:
-               return SSL_PKEY_GOST01;
        case EVP_PKEY_RSA:
        case EVP_PKEY_RSA_PSS:
                return SSL_PKEY_RSA;

diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c
index a288050..5b2fe1a 100644 (file)
--- a/lib/libssl/ssl_cert.c
+++ b/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.107 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.108 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -233,10 +233,6 @@ ssl_cert_dup(SSL_CERT *cert)
                                /* We have an ECC key */
                                break;
 
-                       case SSL_PKEY_GOST01:
-                               /* We have a GOST key */
-                               break;
-
                        default:
                                /* Can't happen. */
                                SSLerrorx(SSL_R_LIBRARY_BUG);

diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index cea4d3e..76a3840 100644 (file)
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.138 2024/01/04 20:02:10 tb Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.139 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -212,10 +212,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                .name = SSL_TXT_ECDH,
                .algorithm_mkey = SSL_kECDHE,
        },
-       {
-               .name = SSL_TXT_kGOST,
-               .algorithm_mkey = SSL_kGOST,
-       },
 
        /* server authentication aliases */
        {
@@ -242,14 +238,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                .name = SSL_TXT_ECDSA,
                .algorithm_auth = SSL_aECDSA,
        },
-       {
-               .name = SSL_TXT_aGOST01,
-               .algorithm_auth = SSL_aGOST01,
-       },
-       {
-               .name = SSL_TXT_aGOST,
-               .algorithm_auth = SSL_aGOST01,
-       },
 
        /* aliases combining key exchange and server authentication */
        {
@@ -355,14 +343,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                .name = SSL_TXT_SHA,
                .algorithm_mac = SSL_SHA1,
        },
-       {
-               .name = SSL_TXT_GOST94,
-               .algorithm_mac = SSL_GOST94,
-       },
-       {
-               .name = SSL_TXT_GOST89MAC,
-               .algorithm_mac = SSL_GOST89MAC,
-       },
        {
                .name = SSL_TXT_SHA256,
                .algorithm_mac = SSL_SHA256,
@@ -371,10 +351,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                .name = SSL_TXT_SHA384,
                .algorithm_mac = SSL_SHA384,
        },
-       {
-               .name = SSL_TXT_STREEBOG256,
-               .algorithm_mac = SSL_STREEBOG256,
-       },
 
        /* protocol version aliases */
        {
@@ -472,11 +448,6 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
        case SSL_CAMELLIA256:
                *enc = EVP_camellia_256_cbc();
                break;
-#ifndef OPENSSL_NO_GOST
-       case SSL_eGOST2814789CNT:
-               *enc = EVP_gost2814789_cnt();
-               break;
-#endif
        }
 
        switch (ss->cipher->algorithm_mac) {
@@ -492,21 +463,11 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
        case SSL_SHA384:
                *md = EVP_sha384();
                break;
-#ifndef OPENSSL_NO_GOST
-       case SSL_GOST89MAC:
-               *md = EVP_gost2814789imit();
-               break;
-       case SSL_GOST94:
-               *md = EVP_gostr341194();
-               break;
-       case SSL_STREEBOG256:
-               *md = EVP_streebog256();
-               break;
-#endif
        }
        if (*enc == NULL || *md == NULL)
                return 0;
 
+       /* XXX remove these from ssl_cipher_get_evp? */
        /*
         * EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE ciphers are not
         * supported via EVP_CIPHER (they should be using EVP_AEAD instead).
@@ -515,18 +476,9 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
                return 0;
        if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE)
                return 0;
-#ifndef OPENSSL_NO_GOST
-       /* XXX JFC. die in fire already */
-       if (ss->cipher->algorithm_mac == SSL_GOST89MAC) {
-               *mac_pkey_type = EVP_PKEY_GOSTIMIT;
-               *mac_secret_size = 32; /* XXX */
-       } else {
-#endif
-               *mac_pkey_type = EVP_PKEY_HMAC;
-               *mac_secret_size = EVP_MD_size(*md);
-#ifndef OPENSSL_NO_GOST
-       }
-#endif
+
+       *mac_pkey_type = EVP_PKEY_HMAC;
+       *mac_secret_size = EVP_MD_size(*md);
        return 1;
 }
 
@@ -581,14 +533,6 @@ ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
        case SSL_HANDSHAKE_MAC_DEFAULT:
                *md = EVP_md5_sha1();
                return 1;
-#ifndef OPENSSL_NO_GOST
-       case SSL_HANDSHAKE_MAC_GOST94:
-               *md = EVP_gostr341194();
-               return 1;
-       case SSL_HANDSHAKE_MAC_STREEBOG256:
-               *md = EVP_streebog256();
-               return 1;
-#endif
        case SSL_HANDSHAKE_MAC_SHA256:
                *md = EVP_sha256();
                return 1;
@@ -641,6 +585,7 @@ ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
        *head = curr;
 }
 
+/* XXX beck: remove this in a followon to removing GOST */
 static void
 ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
     unsigned long *enc, unsigned long *mac, unsigned long *ssl)
@@ -651,16 +596,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
        *mac = 0;
        *ssl = 0;
 
-       /*
-        * Check for the availability of GOST 34.10 public/private key
-        * algorithms. If they are not available disable the associated
-        * authentication and key exchange algorithms.
-        */
-#if defined(OPENSSL_NO_GOST) || !defined(EVP_PKEY_GOSTR01)
-       *auth |= SSL_aGOST01;
-       *mkey |= SSL_kGOST;
-#endif
-
 #ifdef SSL_FORBID_ENULL
        *enc |= SSL_eNULL;
 #endif
@@ -1455,9 +1390,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_kECDHE:
                kx = "ECDH";
                break;
-       case SSL_kGOST:
-               kx = "GOST";
-               break;
        case SSL_kTLS1_3:
                kx = "TLSv1.3";
                break;
@@ -1478,9 +1410,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_aECDSA:
                au = "ECDSA";
                break;
-       case SSL_aGOST01:
-               au = "GOST01";
-               break;
        case SSL_aTLS1_3:
                au = "TLSv1.3";
                break;
@@ -1520,9 +1449,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_CHACHA20POLY1305:
                enc = "ChaCha20-Poly1305";
                break;
-       case SSL_eGOST2814789CNT:
-               enc = "GOST-28178-89-CNT";
-               break;
        default:
                enc = "unknown";
                break;
@@ -1544,15 +1470,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_AEAD:
                mac = "AEAD";
                break;
-       case SSL_GOST94:
-               mac = "GOST94";
-               break;
-       case SSL_GOST89MAC:
-               mac = "GOST89IMIT";
-               break;
-       case SSL_STREEBOG256:
-               mac = "STREEBOG256";
-               break;
        default:
                mac = "unknown";
                break;
@@ -1666,8 +1583,6 @@ SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
                return NID_des_cbc;
        case SSL_RC4:
                return NID_rc4;
-       case SSL_eGOST2814789CNT:
-               return NID_gost89_cnt;
        default:
                return NID_undef;
        }
@@ -1680,10 +1595,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
        switch (c->algorithm_mac) {
        case SSL_AEAD:
                return NID_undef;
-       case SSL_GOST89MAC:
-               return NID_id_Gost28147_89_MAC;
-       case SSL_GOST94:
-               return NID_id_GostR3411_94;
        case SSL_MD5:
                return NID_md5;
        case SSL_SHA1:
@@ -1692,8 +1603,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
                return NID_sha256;
        case SSL_SHA384:
                return NID_sha384;
-       case SSL_STREEBOG256:
-               return NID_id_tc26_gost3411_2012_256;
        default:
                return NID_undef;
        }
@@ -1708,8 +1617,6 @@ SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
                return NID_kx_dhe;
        case SSL_kECDHE:
                return NID_kx_ecdhe;
-       case SSL_kGOST:
-               return NID_kx_gost;
        case SSL_kRSA:
                return NID_kx_rsa;
        default:
@@ -1726,8 +1633,6 @@ SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
                return NID_auth_null;
        case SSL_aECDSA:
                return NID_auth_ecdsa;
-       case SSL_aGOST01:
-               return NID_auth_gost01;
        case SSL_aRSA:
                return NID_auth_rsa;
        default:

diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 52f5de3..56fb9ba 100644 (file)
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.163 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.164 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -161,10 +161,6 @@
 #include <openssl/objects.h>
 #include <openssl/opensslconf.h>
 
-#ifndef OPENSSL_NO_GOST
-#include <openssl/gost.h>
-#endif
-
 #include "bytestring.h"
 #include "dtls_local.h"
 #include "ssl_local.h"
@@ -829,7 +825,6 @@ ssl3_get_server_hello(SSL *s)
        uint8_t compression_method;
        const SSL_CIPHER *cipher;
        const SSL_METHOD *method;
-       unsigned long alg_k;
        int al, ret;
 
        s->first_packet = 1;
@@ -1038,8 +1033,7 @@ ssl3_get_server_hello(SSL *s)
         * Don't digest cached records if no sigalgs: we may need them for
         * client authentication.
         */
-       alg_k = s->s3->hs.cipher->algorithm_mkey;
-       if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)))
+       if (!SSL_USE_SIGALGS(s))
                tls1_transcript_free(s);
 
        if (!CBS_get_u8(&cbs, &compression_method))
@@ -1930,119 +1924,6 @@ ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb)
        return ret;
 }
 
-static int
-ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
-{
-       unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
-       EVP_PKEY_CTX *pkey_ctx = NULL;
-       EVP_MD_CTX *ukm_hash = NULL;
-       EVP_PKEY *pkey;
-       size_t msglen;
-       unsigned int md_len;
-       CBB gostblob;
-       int nid;
-       int ret = 0;
-
-       /* Get server certificate PKEY and create ctx from it */
-       pkey = X509_get0_pubkey(s->session->peer_cert);
-       if (pkey == NULL || s->session->peer_cert_type != SSL_PKEY_GOST01) {
-               SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
-               goto err;
-       }
-       if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
-               SSLerror(s, ERR_R_MALLOC_FAILURE);
-               goto err;
-       }
-
-       /*
-        * If we have send a certificate, and certificate key parameters match
-        * those of server certificate, use certificate key for key exchange.
-        * Otherwise, generate ephemeral key pair.
-        */
-       if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0)
-               goto err;
-
-       /* Generate session key. */
-       arc4random_buf(premaster_secret, sizeof(premaster_secret));
-
-       /*
-        * If we have client certificate, use its secret as peer key.
-        * XXX - this presumably lacks PFS.
-        */
-       if (s->s3->hs.tls12.cert_request != 0 &&
-           s->cert->key->privatekey != NULL) {
-               if (EVP_PKEY_derive_set_peer(pkey_ctx,
-                   s->cert->key->privatekey) <=0) {
-                       /*
-                        * If there was an error - just ignore it.
-                        * Ephemeral key would be used.
-                        */
-                       ERR_clear_error();
-               }
-       }
-
-       /*
-        * Compute shared IV and store it in algorithm-specific context data.
-        */
-       if ((ukm_hash = EVP_MD_CTX_new()) == NULL) {
-               SSLerror(s, ERR_R_MALLOC_FAILURE);
-               goto err;
-       }
-
-       /* XXX check handshake hash instead. */
-       if (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
-               nid = NID_id_GostR3411_94;
-       else
-               nid = NID_id_tc26_gost3411_2012_256;
-       if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))
-               goto err;
-       if (!EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE))
-               goto err;
-       if (!EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE))
-               goto err;
-       if (!EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len))
-               goto err;
-       if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
-           EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
-               SSLerror(s, SSL_R_LIBRARY_BUG);
-               goto err;
-       }
-
-       /*
-        * Make GOST keytransport blob message, encapsulate it into sequence.
-        */
-       msglen = 255;
-       if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret,
-           sizeof(premaster_secret)) < 0) {
-               SSLerror(s, SSL_R_LIBRARY_BUG);
-               goto err;
-       }
-
-       if (!CBB_add_asn1(cbb, &gostblob, CBS_ASN1_SEQUENCE))
-               goto err;
-       if (!CBB_add_bytes(&gostblob, tmp, msglen))
-               goto err;
-       if (!CBB_flush(cbb))
-               goto err;
-
-       /* Check if pubkey from client certificate was used. */
-       if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
-           NULL) > 0)
-               s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-
-       if (!tls12_derive_master_secret(s, premaster_secret, 32))
-               goto err;
-
-       ret = 1;
-
- err:
-       explicit_bzero(premaster_secret, sizeof(premaster_secret));
-       EVP_PKEY_CTX_free(pkey_ctx);
-       EVP_MD_CTX_free(ukm_hash);
-
-       return ret;
-}
-
 static int
 ssl3_send_client_key_exchange(SSL *s)
 {
@@ -2067,9 +1948,6 @@ ssl3_send_client_key_exchange(SSL *s)
                } else if (alg_k & SSL_kECDHE) {
                        if (!ssl3_send_client_kex_ecdhe(s, &kex))
                                goto err;
-               } else if (alg_k & SSL_kGOST) {
-                       if (!ssl3_send_client_kex_gost(s, &kex))
-                               goto err;
                } else {
                        ssl3_send_alert(s, SSL3_AL_FATAL,
                            SSL_AD_HANDSHAKE_FAILURE);
@@ -2115,14 +1993,6 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
                SSLerror(s, ERR_R_EVP_LIB);
                goto err;
        }
-#ifndef OPENSSL_NO_GOST
-       if (sigalg->key_type == EVP_PKEY_GOSTR01 &&
-           EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-           EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
-               SSLerror(s, ERR_R_EVP_LIB);
-               goto err;
-       }
-#endif
        if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
            (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
            !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
@@ -2230,72 +2100,6 @@ ssl3_send_client_verify_ec(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
        return ret;
 }
 
-#ifndef OPENSSL_NO_GOST
-static int
-ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
-{
-       CBB cbb_signature;
-       EVP_MD_CTX *mctx;
-       EVP_PKEY_CTX *pctx;
-       const EVP_MD *md;
-       const unsigned char *hdata;
-       unsigned char *signature = NULL;
-       size_t signature_len;
-       size_t hdata_len;
-       int nid;
-       int ret = 0;
-
-       if ((mctx = EVP_MD_CTX_new()) == NULL)
-               goto err;
-
-       if (!tls1_transcript_data(s, &hdata, &hdata_len)) {
-               SSLerror(s, ERR_R_INTERNAL_ERROR);
-               goto err;
-       }
-       if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
-           (md = EVP_get_digestbynid(nid)) == NULL) {
-               SSLerror(s, ERR_R_EVP_LIB);
-               goto err;
-       }
-       if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey)) {
-               SSLerror(s, ERR_R_EVP_LIB);
-               goto err;
-       }
-#ifndef OPENSSL_NO_GOST
-       if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-           EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
-               SSLerror(s, ERR_R_EVP_LIB);
-               goto err;
-       }
-#endif
-       if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) {
-               SSLerror(s, ERR_R_EVP_LIB);
-               goto err;
-       }
-       if ((signature = calloc(1, signature_len)) == NULL) {
-               SSLerror(s, ERR_R_MALLOC_FAILURE);
-               goto err;
-       }
-       if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) {
-               SSLerror(s, ERR_R_EVP_LIB);
-               goto err;
-       }
-
-       if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature))
-               goto err;
-       if (!CBB_add_bytes(&cbb_signature, signature, signature_len))
-               goto err;
-       if (!CBB_flush(cert_verify))
-               goto err;
-
-       ret = 1;
- err:
-       EVP_MD_CTX_free(mctx);
-       free(signature);
-       return ret;
-}
-#endif
-
 static int
 ssl3_send_client_verify(SSL *s)
 {
@@ -2331,12 +2135,6 @@ ssl3_send_client_verify(SSL *s)
                } else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
                        if (!ssl3_send_client_verify_ec(s, pkey, &cert_verify))
                                goto err;
-#ifndef OPENSSL_NO_GOST
-               } else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 ||
-                   EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) {
-                       if (!ssl3_send_client_verify_gost(s, pkey, &cert_verify))
-                               goto err;
-#endif
                } else {
                        SSLerror(s, ERR_R_INTERNAL_ERROR);
                        goto err;

diff --git a/lib/libssl/ssl_err.c b/lib/libssl/ssl_err.c
index 28097ea..30ca96b 100644 (file)
--- a/lib/libssl/ssl_err.c
+++ b/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.46 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.47 2024/02/03 15:58:33 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -306,7 +306,6 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
        {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"},
        {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"},
        {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
-       {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"},
        {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED)   , "no method specified"},
        {ERR_REASON(SSL_R_NO_PRIVATEKEY)         , "no privatekey"},
        {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},

diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index c97441c..0277202 100644 (file)
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.318 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.319 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2297,12 +2297,6 @@ ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher)
                        mask_a |= SSL_aECDSA;
        }
 
-       cpk = &(c->pkeys[SSL_PKEY_GOST01]);
-       if (cpk->x509 != NULL && cpk->privatekey != NULL) {
-               mask_k |= SSL_kGOST;
-               mask_a |= SSL_aGOST01;
-       }
-
        cpk = &(c->pkeys[SSL_PKEY_RSA]);
        if (cpk->x509 != NULL && cpk->privatekey != NULL) {
                mask_a |= SSL_aRSA;
@@ -2363,8 +2357,6 @@ ssl_get_server_send_pkey(const SSL *s)
                i = SSL_PKEY_ECC;
        } else if (alg_a & SSL_aRSA) {
                i = SSL_PKEY_RSA;
-       } else if (alg_a & SSL_aGOST01) {
-               i = SSL_PKEY_GOST01;
        } else { /* if (alg_a & SSL_aNULL) */
                SSLerror(s, ERR_R_INTERNAL_ERROR);
                return (NULL);

diff --git a/lib/libssl/ssl_local.h b/lib/libssl/ssl_local.h
index bd6275f..b4d093b 100644 (file)
--- a/lib/libssl/ssl_local.h
+++ b/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.12 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.13 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -197,7 +197,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_kRSA               0x00000001L /* RSA key exchange */
 #define SSL_kDHE               0x00000008L /* tmp DH key no DH cert */
 #define SSL_kECDHE             0x00000080L /* ephemeral ECDH */
-#define SSL_kGOST              0x00000200L /* GOST key exchange */
 #define SSL_kTLS1_3            0x00000400L /* TLSv1.3 key exchange */
 
 /* Bits for algorithm_auth (server authentication) */
@@ -205,7 +204,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_aDSS               0x00000002L /* DSS auth */
 #define SSL_aNULL              0x00000004L /* no auth (i.e. use ADH or AECDH) */
 #define SSL_aECDSA              0x00000040L /* ECDSA auth*/
-#define SSL_aGOST01            0x00000200L /* GOST R 34.10-2001 signature auth */
 #define SSL_aTLS1_3            0x00000400L /* TLSv1.3 authentication */
 
 /* Bits for algorithm_enc (symmetric encryption) */
@@ -218,7 +216,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_AES256             0x00000040L
 #define SSL_CAMELLIA128                0x00000080L
 #define SSL_CAMELLIA256                0x00000100L
-#define SSL_eGOST2814789CNT    0x00000200L
 #define SSL_AES128GCM          0x00000400L
 #define SSL_AES256GCM          0x00000800L
 #define SSL_CHACHA20POLY1305   0x00001000L
@@ -231,8 +228,6 @@ __BEGIN_HIDDEN_DECLS
 
 #define SSL_MD5                        0x00000001L
 #define SSL_SHA1               0x00000002L
-#define SSL_GOST94      0x00000004L
-#define SSL_GOST89MAC   0x00000008L
 #define SSL_SHA256             0x00000010L
 #define SSL_SHA384             0x00000020L
 /* Not a real MAC, just an indication it is part of cipher */
@@ -251,10 +246,8 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_HANDSHAKE_MAC_MASK         0xff0
 #define SSL_HANDSHAKE_MAC_MD5          0x010
 #define SSL_HANDSHAKE_MAC_SHA          0x020
-#define SSL_HANDSHAKE_MAC_GOST94       0x040
 #define SSL_HANDSHAKE_MAC_SHA256       0x080
 #define SSL_HANDSHAKE_MAC_SHA384       0x100
-#define SSL_HANDSHAKE_MAC_STREEBOG256  0x200
 #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
 
 #define SSL3_CK_ID             0x03000000
@@ -267,16 +260,8 @@ __BEGIN_HIDDEN_DECLS
 #define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_STREEBOG256 (SSL_HANDSHAKE_MAC_STREEBOG256 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
 
-/*
- * Stream MAC for GOST ciphersuites from cryptopro draft
- * (currently this also goes into algorithm2).
- */
-#define TLS1_STREAM_MAC 0x04
-
 /*
  * SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD is an algorithm2 flag that
  * indicates that the variable part of the nonce is included as a prefix of
@@ -324,8 +309,7 @@ __BEGIN_HIDDEN_DECLS
 
 #define SSL_PKEY_RSA           0
 #define SSL_PKEY_ECC           1
-#define SSL_PKEY_GOST01                2
-#define SSL_PKEY_NUM           3
+#define SSL_PKEY_NUM           2
 
 #define SSL_MAX_EMPTY_RECORDS  32
 

diff --git a/lib/libssl/ssl_sigalgs.c b/lib/libssl/ssl_sigalgs.c
index f59beb4..9876e82 100644 (file)
--- a/lib/libssl/ssl_sigalgs.c
+++ b/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.48 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.49 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -41,14 +41,6 @@ const struct ssl_sigalg sigalgs[] = {
                .security_level = 5,
                .group_nid = NID_secp521r1,
        },
-#ifndef OPENSSL_NO_GOST
-       {
-               .value = SIGALG_GOSTR12_512_STREEBOG_512,
-               .key_type = EVP_PKEY_GOSTR12_512,
-               .md = EVP_streebog512,
-               .security_level = 0,
-       },
-#endif
        {
                .value = SIGALG_RSA_PKCS1_SHA384,
                .key_type = EVP_PKEY_RSA,
@@ -75,20 +67,6 @@ const struct ssl_sigalg sigalgs[] = {
                .security_level = 3,
                .group_nid = NID_X9_62_prime256v1,
        },
-#ifndef OPENSSL_NO_GOST
-       {
-               .value = SIGALG_GOSTR12_256_STREEBOG_256,
-               .key_type = EVP_PKEY_GOSTR12_256,
-               .md = EVP_streebog256,
-               .security_level = 0,
-       },
-       {
-               .value = SIGALG_GOSTR01_GOST94,
-               .key_type = EVP_PKEY_GOSTR01,
-               .md = EVP_gostr341194,
-               .security_level = 0, /* XXX */
-       },
-#endif
        {
                .value = SIGALG_RSA_PSS_RSAE_SHA256,
                .key_type = EVP_PKEY_RSA,
@@ -283,10 +261,6 @@ ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
                return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
        case EVP_PKEY_EC:
                return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
-#ifndef OPENSSL_NO_GOST
-       case EVP_PKEY_GOSTR01:
-               return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
-#endif
        }
        SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
        return NULL;

diff --git a/lib/libssl/ssl_sigalgs.h b/lib/libssl/ssl_sigalgs.h
index 21a54d6..5211ec6 100644 (file)
--- a/lib/libssl/ssl_sigalgs.h
+++ b/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.26 2022/07/02 16:00:12 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.27 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
  *
@@ -47,14 +47,6 @@ __BEGIN_HIDDEN_DECLS
 #define SIGALG_PRIVATE_START           0xFE00
 #define SIGALG_PRIVATE_END             0xFFFF
 
-/*
- * If Russia can elect the US President, surely
- * IANA could fix this problem.
- */
-#define SIGALG_GOSTR12_512_STREEBOG_512        0xEFEF
-#define SIGALG_GOSTR12_256_STREEBOG_256        0xEEEE
-#define SIGALG_GOSTR01_GOST94          0xEDED
-
 /* Legacy sigalg for < TLSv1.2 same value as BoringSSL uses. */
 #define SIGALG_RSA_PKCS1_MD5_SHA1      0xFF01
 

diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index f26fde5..117afac 100644 (file)
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.158 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.159 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -162,10 +162,6 @@
 #include <openssl/opensslconf.h>
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_GOST
-#include <openssl/gost.h>
-#endif
-
 #include "bytestring.h"
 #include "dtls_local.h"
 #include "ssl_local.h"
@@ -564,15 +560,7 @@ ssl3_accept(SSL *s)
                        }
 
                        alg_k = s->s3->hs.cipher->algorithm_mkey;
-                       if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
-                               /*
-                                * A GOST client may use the key from its
-                                * certificate for key exchange, in which case
-                                * the CertificateVerify message is not sent.
-                                */
-                               s->s3->hs.state = SSL3_ST_SR_FINISHED_A;
-                               s->init_num = 0;
-                       } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
+                       if (SSL_USE_SIGALGS(s)) {
                                s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
                                s->init_num = 0;
                                if (!s->session->peer_cert)
@@ -795,7 +783,6 @@ ssl3_get_client_hello(SSL *s)
        unsigned long id;
        SSL_CIPHER *c;
        STACK_OF(SSL_CIPHER) *ciphers = NULL;
-       unsigned long alg_k;
        const SSL_METHOD *method;
        uint16_t shared_version;
 
@@ -1138,10 +1125,8 @@ ssl3_get_client_hello(SSL *s)
        if (!tls1_transcript_hash_init(s))
                goto err;
 
-       alg_k = s->s3->hs.cipher->algorithm_mkey;
-       if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
-           !(s->verify_mode & SSL_VERIFY_PEER))
-               tls1_transcript_free(s);
+       if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER))
+               tls1_transcript_free(s); 
 
        /*
         * We now have the following setup.
@@ -1815,75 +1800,6 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs)
        return ret;
 }
 
-static int
-ssl3_get_client_kex_gost(SSL *s, CBS *cbs)
-{
-       unsigned char premaster_secret[32];
-       EVP_PKEY_CTX *pkey_ctx = NULL;
-       EVP_PKEY *client_pubkey;
-       EVP_PKEY *pkey = NULL;
-       size_t outlen;
-       CBS gostblob;
-
-       /* Get our certificate private key*/
-#ifndef OPENSSL_NO_GOST
-       if ((s->s3->hs.cipher->algorithm_auth & SSL_aGOST01) != 0)
-               pkey = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
-#endif
-
-       if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
-               goto err;
-       if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0)
-               goto err;
-
-       /*
-        * If client certificate is present and is of the same type,
-        * maybe use it for key exchange.
-        * Don't mind errors from EVP_PKEY_derive_set_peer, because
-        * it is completely valid to use a client certificate for
-        * authorization only.
-        */
-       if ((client_pubkey = X509_get0_pubkey(s->session->peer_cert)) != NULL) {
-               if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pubkey) <= 0)
-                       ERR_clear_error();
-       }
-
-       /* Decrypt session key */
-       if (!CBS_get_asn1(cbs, &gostblob, CBS_ASN1_SEQUENCE))
-               goto decode_err;
-       if (CBS_len(cbs) != 0)
-               goto decode_err;
-       outlen = sizeof(premaster_secret);
-       if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen,
-           CBS_data(&gostblob), CBS_len(&gostblob)) <= 0) {
-               SSLerror(s, SSL_R_DECRYPTION_FAILED);
-               goto err;
-       }
-
-       if (!tls12_derive_master_secret(s, premaster_secret,
-           sizeof(premaster_secret)))
-               goto err;
-
-       /* Check if pubkey from client certificate was used */
-       if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY,
-           2, NULL) > 0)
-               s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-
-       explicit_bzero(premaster_secret, sizeof(premaster_secret));
-       EVP_PKEY_CTX_free(pkey_ctx);
-
-       return 1;
-
- decode_err:
-       SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-       ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- err:
-       explicit_bzero(premaster_secret, sizeof(premaster_secret));
-       EVP_PKEY_CTX_free(pkey_ctx);
-
-       return 0;
-}
-
 static int
 ssl3_get_client_key_exchange(SSL *s)
 {
@@ -1912,9 +1828,6 @@ ssl3_get_client_key_exchange(SSL *s)
        } else if (alg_k & SSL_kECDHE) {
                if (!ssl3_get_client_kex_ecdhe(s, &cbs))
                        goto err;
-       } else if (alg_k & SSL_kGOST) {
-               if (!ssl3_get_client_kex_gost(s, &cbs))
-                       goto err;
        } else {
                al = SSL_AD_HANDSHAKE_FAILURE;
                SSLerror(s, SSL_R_UNKNOWN_CIPHER_TYPE);
@@ -2043,15 +1956,6 @@ ssl3_get_cert_verify(SSL *s)
                        al = SSL_AD_INTERNAL_ERROR;
                        goto fatal_err;
                }
-#ifndef OPENSSL_NO_GOST
-               if (sigalg->key_type == EVP_PKEY_GOSTR01 &&
-                   EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
-                   EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE,
-                   NULL) <= 0) {
-                       al = SSL_AD_INTERNAL_ERROR;
-                       goto fatal_err;
-               }
-#endif
                if (EVP_DigestVerify(mctx, CBS_data(&signature),
                    CBS_len(&signature), hdata, hdatalen) <= 0) {
                        SSLerror(s, ERR_R_EVP_LIB);
@@ -2096,54 +2000,6 @@ ssl3_get_cert_verify(SSL *s)
                        SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE);
                        goto fatal_err;
                }
-#ifndef OPENSSL_NO_GOST
-       } else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 ||
-           EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) {
-               unsigned char sigbuf[128];
-               unsigned int siglen = sizeof(sigbuf);
-               EVP_PKEY_CTX *pctx;
-               const EVP_MD *md;
-               int nid;
-
-               if (!tls1_transcript_data(s, &hdata, &hdatalen)) {
-                       SSLerror(s, ERR_R_INTERNAL_ERROR);
-                       al = SSL_AD_INTERNAL_ERROR;
-                       goto fatal_err;
-               }
-               if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
-                   !(md = EVP_get_digestbynid(nid))) {
-                       SSLerror(s, ERR_R_EVP_LIB);
-                       al = SSL_AD_INTERNAL_ERROR;
-                       goto fatal_err;
-               }
-               if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
-                       SSLerror(s, ERR_R_EVP_LIB);
-                       al = SSL_AD_INTERNAL_ERROR;
-                       goto fatal_err;
-               }
-               if (!EVP_DigestInit_ex(mctx, md, NULL) ||
-                   !EVP_DigestUpdate(mctx, hdata, hdatalen) ||
-                   !EVP_DigestFinal(mctx, sigbuf, &siglen) ||
-                   (EVP_PKEY_verify_init(pctx) <= 0) ||
-                   (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
-                   (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
-                   EVP_PKEY_CTRL_GOST_SIG_FORMAT,
-                   GOST_SIG_FORMAT_RS_LE, NULL) <= 0)) {
-                       SSLerror(s, ERR_R_EVP_LIB);
-                       al = SSL_AD_INTERNAL_ERROR;
-                       EVP_PKEY_CTX_free(pctx);
-                       goto fatal_err;
-               }
-               if (EVP_PKEY_verify(pctx, CBS_data(&signature),
-                   CBS_len(&signature), sigbuf, siglen) <= 0) {
-                       al = SSL_AD_DECRYPT_ERROR;
-                       SSLerror(s, SSL_R_BAD_SIGNATURE);
-                       EVP_PKEY_CTX_free(pctx);
-                       goto fatal_err;
-               }
-
-               EVP_PKEY_CTX_free(pctx);
-#endif
        } else {
                SSLerror(s, ERR_R_INTERNAL_ERROR);
                al = SSL_AD_UNSUPPORTED_CERTIFICATE;

diff --git a/lib/libssl/tls1.h b/lib/libssl/tls1.h
index 2bdbd3c..daf6cba 100644 (file)
--- a/lib/libssl/tls1.h
+++ b/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.56 2022/07/17 14:39:09 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.57 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -741,18 +741,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS_CT_DSS_SIGN                        2
 #define TLS_CT_RSA_FIXED_DH            3
 #define TLS_CT_DSS_FIXED_DH            4
-#define TLS_CT_GOST94_SIGN             21
-#define TLS_CT_GOST01_SIGN             22
 #define TLS_CT_ECDSA_SIGN              64
 #define TLS_CT_RSA_FIXED_ECDH          65
 #define TLS_CT_ECDSA_FIXED_ECDH        66
-#define TLS_CT_GOST12_256_SIGN         67
-#define TLS_CT_GOST12_512_SIGN         68
-#define TLS_CT_GOST12_256_SIGN_COMPAT  238 /* pre-IANA, for compat */
-#define TLS_CT_GOST12_512_SIGN_COMPAT  239 /* pre-IANA, for compat */
 /* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
  * comment there) */
-#define TLS_CT_NUMBER                  13
+#define TLS_CT_NUMBER                  7
 
 #define TLS1_FINISH_MAC_LENGTH         12
 

diff --git a/lib/libssl/tls12_key_schedule.c b/lib/libssl/tls12_key_schedule.c
index 6d714c1..1ac0033 100644 (file)
--- a/lib/libssl/tls12_key_schedule.c
+++ b/lib/libssl/tls12_key_schedule.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_key_schedule.c,v 1.3 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: tls12_key_schedule.c,v 1.4 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
  *
@@ -124,10 +124,6 @@ tls12_key_block_generate(struct tls12_key_block *kb, SSL *s,
                mac_key_len = EVP_MD_size(mac_hash);
                key_len = EVP_CIPHER_key_length(cipher);
                iv_len = EVP_CIPHER_iv_length(cipher);
-
-               /* Special handling for GOST... */
-               if (EVP_MD_type(mac_hash) == NID_id_Gost28147_89_MAC)
-                       mac_key_len = 32;
        }
 
        if (mac_key_len > EVP_MAX_MD_SIZE)

diff --git a/lib/libssl/tls12_record_layer.c b/lib/libssl/tls12_record_layer.c
index 3f2fe71..9786d7d 100644 (file)
--- a/lib/libssl/tls12_record_layer.c
+++ b/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.41 2024/01/18 16:30:43 tb Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.42 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -468,7 +468,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
     CBS *iv)
 {
        EVP_PKEY *mac_pkey = NULL;
-       int gost_param_nid;
        int mac_type;
        int ret = 0;
 
@@ -484,25 +483,10 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
                goto err;
        if (EVP_CIPHER_key_length(rl->cipher) != CBS_len(key))
                goto err;
-
-#ifndef OPENSSL_NO_GOST
-       /* XXX die die die */
-       /* Special handling for GOST... */
-       if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) {
-               if (CBS_len(mac_key) != 32)
-                       goto err;
-               mac_type = EVP_PKEY_GOSTIMIT;
-               rp->stream_mac = 1;
-       } else {
-#endif
-               if (CBS_len(mac_key) > INT_MAX)
-                       goto err;
-               if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key))
-                       goto err;
-#ifndef OPENSSL_NO_GOST
-       }
-#endif
-
+       if (CBS_len(mac_key) > INT_MAX)
+               goto err;
+       if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key))
+               goto err;
        if ((rp->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
                goto err;
        if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL)
@@ -524,23 +508,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
            mac_pkey) <= 0)
                goto err;
 
-       /* More special handling for GOST... */
-       if (EVP_CIPHER_nid(rl->cipher) == NID_gost89_cnt) {
-               gost_param_nid = NID_id_tc26_gost_28147_param_Z;
-               if (EVP_MD_type(rl->handshake_hash) == NID_id_GostR3411_94)
-                       gost_param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
-
-               if (EVP_CIPHER_CTX_ctrl(rp->cipher_ctx, EVP_CTRL_GOST_SET_SBOX,
-                   gost_param_nid, 0) <= 0)
-                       goto err;
-
-               if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) {
-                       if (EVP_MD_CTX_ctrl(rp->hash_ctx, EVP_MD_CTRL_GOST_SET_SBOX,
-                           gost_param_nid, 0) <= 0)
-                               goto err;
-               }
-       }
-
        ret = 1;
 
  err:

diff --git a/regress/lib/libssl/client/clienttest.c b/regress/lib/libssl/client/clienttest.c
index 8fb5a1d..18cf2d0 100644 (file)
--- a/regress/lib/libssl/client/clienttest.c
+++ b/regress/lib/libssl/client/clienttest.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: clienttest.c,v 1.42 2023/07/11 17:03:44 tb Exp $ */
+/*     $OpenBSD: clienttest.c,v 1.43 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  *
@@ -36,7 +36,7 @@
 #define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2)
 #define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34)
 #define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69)
-#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 188)
+#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 184)
 #define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 98)
 
 #define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000)
@@ -75,57 +75,54 @@ static const uint8_t cipher_list_dtls12_aes[] = {
        0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
        0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b,
        0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa,
-       0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-       0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-       0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-       0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-       0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-       0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-       0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
-       0x00, 0x0a, 0x00, 0xff
+       0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+       0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+       0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+       0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+       0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+       0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12,
+       0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t cipher_list_dtls12_chacha[] = {
        0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30,
        0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
        0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-       0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-       0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-       0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-       0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-       0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-       0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-       0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
-       0x00, 0x0a, 0x00, 0xff,
+       0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+       0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+       0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+       0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+       0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+       0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12,
+       0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t client_hello_dtls12[] = {
        0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
-       0x00, 0x00, 0x00, 0x00, 0xbe, 0x01, 0x00, 0x00,
-       0xb2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-       0xb2, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
+       0x00, 0x00, 0x00, 0x00, 0xba, 0x01, 0x00, 0x00,
+       0xae, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+       0xae, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0xc0,
+       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0xc0,
        0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0,
        0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00,
-       0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff,
-       0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00,
-       0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00,
-       0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0,
-       0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00,
-       0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00,
-       0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00,
-       0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00,
-       0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34, 0x00,
-       0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00,
-       0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00,
-       0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 0x00,
-       0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06,
-       0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05,
-       0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02,
-       0x01, 0x02, 0x03,
+       0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00,
+       0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00,
+       0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0,
+       0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0,
+       0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00,
+       0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00,
+       0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12, 0xc0,
+       0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01,
+       0x00, 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 0x01,
+       0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00,
+       0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
+       0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00,
+       0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08,
+       0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04,
+       0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
 };
 
 static const uint8_t cipher_list_tls10[] = {
@@ -186,92 +183,90 @@ static const uint8_t cipher_list_tls12_aes[] = {
        0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
        0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b,
        0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa,
-       0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-       0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-       0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-       0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-       0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-       0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-       0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
-       0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
-       0x00, 0xff,
+       0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+       0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+       0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+       0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+       0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+       0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
+       0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08,
+       0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t cipher_list_tls12_chacha[] = {
        0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30,
        0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
        0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-       0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-       0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-       0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-       0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-       0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-       0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-       0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
-       0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
-       0x00, 0xff,
+       0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+       0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+       0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+       0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+       0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+       0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
+       0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08,
+       0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t client_hello_tls12[] = {
-       0x16, 0x03, 0x03, 0x00, 0xbb, 0x01, 0x00, 0x00,
-       0xb7, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
+       0x16, 0x03, 0x03, 0x00, 0xb7, 0x01, 0x00, 0x00,
+       0xb3, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-       0x00, 0x00, 0x00, 0x00, 0x00, 0x5a, 0xc0, 0x30,
+       0x00, 0x00, 0x00, 0x00, 0x00, 0x56, 0xc0, 0x30,
        0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
        0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-       0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85,
-       0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
-       0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
-       0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
-       0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
-       0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
-       0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
-       0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12,
-       0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
-       0x01, 0x00, 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02,
-       0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08,
-       0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19,
-       0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18,
-       0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
-       0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,
-       0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
+       0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, 0xc4,
+       0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+       0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+       0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+       0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+       0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+       0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+       0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+       0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34,
+       0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,
+       0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17,
+       0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00,
+       0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06,
+       0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01,
+       0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03,
+       0x02, 0x01, 0x02, 0x03,
 };
 
 static const uint8_t cipher_list_tls13_aes[] = {
        0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 0xc0, 0x30,
        0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
        0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-       0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85,
-       0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
-       0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
-       0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
-       0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
-       0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
-       0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
-       0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12,
-       0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
+       0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, 0xc4,
+       0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+       0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+       0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+       0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+       0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+       0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+       0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+       0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t cipher_list_tls13_chacha[] = {
        0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9,
        0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c,
        0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a,
-       0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85,
-       0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
-       0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
-       0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
-       0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
-       0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
-       0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
-       0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12,
-       0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
+       0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0x00, 0xc4,
+       0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+       0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+       0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+       0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+       0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+       0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+       0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+       0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t client_hello_tls13[] = {
-       0x16, 0x03, 0x03, 0x01, 0x14, 0x01, 0x00, 0x01,
-       0x10, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
+       0x16, 0x03, 0x03, 0x01, 0x10, 0x01, 0x00, 0x01,
+       0x0c, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -279,33 +274,32 @@ static const uint8_t client_hello_tls13[] = {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-       0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x13, 0x03,
+       0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0x13, 0x03,
        0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 0xcc, 0xa8,
        0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28,
        0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f,
-       0x00, 0x6b, 0x00, 0x39, 0xff, 0x85, 0x00, 0xc4,
-       0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d,
-       0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
-       0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
-       0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
-       0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
-       0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
-       0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08,
-       0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00,
-       0x00, 0x67, 0x00, 0x2b, 0x00, 0x05, 0x04, 0x03,
-       0x04, 0x03, 0x03, 0x00, 0x33, 0x00, 0x26, 0x00,
-       0x24, 0x00, 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00,
+       0x00, 0x6b, 0x00, 0x39, 0x00, 0xc4, 0x00, 0x88,
+       0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+       0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+       0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+       0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+       0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+       0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+       0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+       0x00, 0x0a, 0x01, 0x00, 0x00, 0x67, 0x00, 0x2b,
+       0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03, 0x00,
+       0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00,
+       0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00,
-       0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
-       0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00,
-       0x19, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
-       0x18, 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06,
-       0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08,
-       0x04, 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02,
-       0x03,
+       0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
+       0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00,
+       0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00,
+       0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08,
+       0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05,
+       0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04,
+       0x03, 0x02, 0x01, 0x02, 0x03,
 };
 
 static const uint8_t cipher_list_tls13_only_aes[] = {

diff --git a/regress/lib/libssl/interop/Makefile.inc b/regress/lib/libssl/interop/Makefile.inc
index 4a66390..fa22fb8 100644 (file)
--- a/regress/lib/libssl/interop/Makefile.inc
+++ b/regress/lib/libssl/interop/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.9 2023/10/18 19:14:32 anton Exp $
+# $OpenBSD: Makefile.inc,v 1.10 2024/02/03 15:58:34 beck Exp $
 
 .PATH:                 ${.CURDIR}/..
 
@@ -39,7 +39,7 @@ run-self-client-server: client server 127.0.0.1.crt
 CLEANFILES +=          127.0.0.1.{crt,key} \
                        ca.{crt,key,srl} fake-ca.{crt,key} \
                        {client,server}.{req,crt,key} \
-                       {dsa,ec,gost,rsa}.{key,req,crt} \
+                       {dsa,ec,rsa}.{key,req,crt} \
                        dh.param
 
 127.0.0.1.crt:
@@ -70,10 +70,6 @@ dsa.key:
 ec.key:
        openssl ecparam -genkey -name secp256r1 -out $@
 
-gost.key:
-       openssl genpkey -algorithm gost2001 \
-           -pkeyopt paramset:A -pkeyopt dgst:md_gost94 -out $@
-
 rsa.key:
        openssl genrsa -out $@ 2048
 
@@ -82,11 +78,6 @@ dsa.req ec.req rsa.req: ${@:R}.key
            -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
            -nodes -key ${@:R}.key -out $@
 
-gost.req: ${@:R}.key
-       openssl req -batch -new -md_gost94 \
-           -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
-           -nodes -key ${@:R}.key -out $@
-
-dsa.crt ec.crt gost.crt rsa.crt: ca.crt ${@:R}.req
+dsa.crt ec.crt rsa.crt: ca.crt ${@:R}.req
        openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt \
            -req -in ${@:R}.req -out $@

diff --git a/regress/lib/libssl/interop/cipher/Makefile b/regress/lib/libssl/interop/cipher/Makefile
index 627cfc8..3a116d5 100644 (file)
--- a/regress/lib/libssl/interop/cipher/Makefile
+++ b/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.13 2023/10/30 17:15:21 tb Exp $
+# $OpenBSD: Makefile,v 1.14 2024/02/03 15:58:34 beck Exp $
 
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 1.1 or 3.0.  Create lists of supported ciphers
@@ -6,17 +6,6 @@
 # certificate with compatible type.  Check that client and server
 # have used correct cipher by grepping in their session print out.
 
-run-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-run-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl \
-client-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-client-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-check-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-check-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl:
-       # gost does not work with libressl TLS 1.3 right now
-       @echo DISABLED
-
 LIBRARIES =            libressl
 .if exists(/usr/local/bin/eopenssl11)
 LIBRARIES +=           openssl11
@@ -96,8 +85,6 @@ LEVEL_openssl30 = ,@SECLEVEL=0
 TYPE_${cipher} =       dsa
 .elif "${cipher:M*-ECDSA-*}" != ""
 TYPE_${cipher} =       ec
-.elif "${cipher:M*-GOST89-*}" != ""
-TYPE_${cipher} =       gost
 .elif "${cipher:M*-RSA-*}" != ""
 TYPE_${cipher} =       rsa
 .else

diff --git a/regress/lib/libssl/unit/tls_prf.c b/regress/lib/libssl/unit/tls_prf.c
index a22d0e7..b6836da 100644 (file)
--- a/regress/lib/libssl/unit/tls_prf.c
+++ b/regress/lib/libssl/unit/tls_prf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_prf.c,v 1.8 2022/11/26 16:08:57 tb Exp $ */
+/* $OpenBSD: tls_prf.c,v 1.9 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -57,29 +57,6 @@ static struct tls_prf_test tls_prf_tests[] = {
                        0x12, 0x44, 0xec, 0x60, 0x61, 0xd1, 0x8a, 0x66,
                },
        },
-       {
-               .desc = "GOST94",
-               .ssl_method = TLSv1_2_method,
-               .cipher_value = 0x0081,
-               .out = {
-                        0xcc, 0xd4, 0x89, 0x5f, 0x52, 0x08, 0x9b, 0xc7,
-                        0xf9, 0xb5, 0x83, 0x58, 0xe8, 0xc7, 0x71, 0x49,
-                        0x39, 0x99, 0x1f, 0x14, 0x8f, 0x85, 0xbe, 0x64,
-                        0xee, 0x40, 0x5c, 0xe7, 0x5f, 0x68, 0xaf, 0xf2,
-                        0xcd, 0x3a, 0x94, 0x52, 0x33, 0x53, 0x46, 0x7d,
-                        0xb6, 0xc5, 0xe1, 0xb8, 0xa4, 0x04, 0x69, 0x91,
-                        0x0a, 0x9c, 0x88, 0x86, 0xd9, 0x60, 0x63, 0xdd,
-                        0xd8, 0xe7, 0x2e, 0xee, 0xce, 0xe2, 0x20, 0xd8,
-                        0x9a, 0xfa, 0x9c, 0x63, 0x0c, 0x9c, 0xa1, 0x76,
-                        0xed, 0x78, 0x9a, 0x84, 0x70, 0xb4, 0xd1, 0x51,
-                        0x1f, 0xde, 0x44, 0xe8, 0x90, 0x21, 0x3f, 0xeb,
-                        0x05, 0xf4, 0x77, 0x59, 0xf3, 0xad, 0xdd, 0x34,
-                        0x3d, 0x3a, 0x7c, 0xd0, 0x59, 0x40, 0xe1, 0x3f,
-                        0x04, 0x4b, 0x8b, 0xd6, 0x95, 0x46, 0xb4, 0x9e,
-                        0x4c, 0x2d, 0xf7, 0xee, 0xbd, 0xbc, 0xcb, 0x5c,
-                        0x3a, 0x36, 0x0c, 0xd0, 0x27, 0xcb, 0x45, 0x06,
-               },
-       },
        {
                .desc = "SHA256 (via TLSv1.2)",
                .ssl_method = TLSv1_2_method,
@@ -126,29 +103,6 @@ static struct tls_prf_test tls_prf_tests[] = {
                         0x05, 0x76, 0x4b, 0xe4, 0x28, 0x50, 0x4a, 0xf2,
                },
        },
-       {
-               .desc = "STREEBOG256",
-               .ssl_method = TLSv1_2_method,
-               .cipher_value = 0xff87,
-               .out = {
-                       0x3e, 0x13, 0xb9, 0xeb, 0x85, 0x8c, 0xb4, 0x21,
-                       0x23, 0x40, 0x9b, 0x73, 0x04, 0x56, 0xe2, 0xff,
-                       0xce, 0x52, 0x1f, 0x82, 0x7f, 0x17, 0x5b, 0x80,
-                       0x23, 0x71, 0xca, 0x30, 0xdf, 0xfc, 0xdc, 0x2d,
-                       0xc0, 0xfc, 0x5d, 0x23, 0x5a, 0x54, 0x7f, 0xae,
-                       0xf5, 0x7d, 0x52, 0x1e, 0x86, 0x95, 0xe1, 0x2d,
-                       0x28, 0xe7, 0xbe, 0xd7, 0xd0, 0xbf, 0xa9, 0x96,
-                       0x13, 0xd0, 0x9c, 0x0c, 0x1c, 0x16, 0x05, 0xbb,
-                       0x26, 0xd7, 0x30, 0x39, 0xb9, 0x53, 0x28, 0x98,
-                       0x4f, 0x1b, 0x83, 0xc3, 0xce, 0x1c, 0x7c, 0x34,
-                       0xa2, 0xc4, 0x7a, 0x54, 0x16, 0xc6, 0xa7, 0x9e,
-                       0xed, 0x4b, 0x7b, 0x83, 0xa6, 0xae, 0xe2, 0x5b,
-                       0x96, 0xf5, 0x6c, 0xad, 0x1f, 0xa3, 0x83, 0xb2,
-                       0x84, 0x32, 0xed, 0xe3, 0x2c, 0xf6, 0xd4, 0x73,
-                       0x30, 0xef, 0x9d, 0xbe, 0xe7, 0x23, 0x9a, 0xbf,
-                       0x4d, 0x1c, 0xe7, 0xef, 0x3d, 0xea, 0x46, 0xe2,
-               },
-       },
 };
 
 #define N_TLS_PRF_TESTS \

diff --git a/usr.bin/openssl/openssl.c b/usr.bin/openssl/openssl.c
index e5ff31a..7a42b70 100644 (file)
--- a/usr.bin/openssl/openssl.c
+++ b/usr.bin/openssl/openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: openssl.c,v 1.35 2023/06/11 13:02:10 jsg Exp $ */
+/* $OpenBSD: openssl.c,v 1.36 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -211,12 +211,6 @@ FUNCTION functions[] = {
 #endif
 
        /* Message Digests. */
-#ifndef OPENSSL_NO_GOST
-       { FUNC_TYPE_MD, "gost-mac", dgst_main },
-       { FUNC_TYPE_MD, "md_gost94", dgst_main },
-       { FUNC_TYPE_MD, "streebog256", dgst_main },
-       { FUNC_TYPE_MD, "streebog512", dgst_main },
-#endif
 #ifndef OPENSSL_NO_MD4
        { FUNC_TYPE_MD, "md4", dgst_main },
 #endif