Remove last remnants of GOST support.
This removes support code for a "stream_mac" mode only used by GOST. Also get
rid of this
/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
comment next to it. It's not actually related to GOST (dates to OpenSSL initial
commit), but isn't especially helpful at this point.
Change-Id: Ib13c6e27e16e0d1fb59ed0142ddf913b9abc20b7
Reviewed-on: https://boringssl-review.googlesource.com/1281
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 55e94f5..866e381 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -284,8 +284,7 @@
#define SSL_kECDHe 0x00000020L /* ECDH cert, ECDSA CA cert */
#define SSL_kEECDH 0x00000040L /* ephemeral ECDH */
#define SSL_kPSK 0x00000080L /* PSK */
-#define SSL_kGOST 0x00000100L /* GOST key exchange */
-#define SSL_kSRP 0x00000200L /* SRP */
+#define SSL_kSRP 0x00000100L /* SRP */
/* Bits for algorithm_auth (server authentication) */
#define SSL_aRSA 0x00000001L /* RSA auth */
@@ -295,8 +294,6 @@
#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
#define SSL_aECDSA 0x00000020L /* ECDSA auth*/
#define SSL_aPSK 0x00000040L /* PSK auth */
-#define SSL_aGOST94 0x00000080L /* GOST R 34.10-94 signature auth */
-#define SSL_aGOST01 0x00000100L /* GOST R 34.10-2001 signature auth */
/* Bits for algorithm_enc (symmetric encryption) */
@@ -310,11 +307,10 @@
#define SSL_AES256 0x00000080L
#define SSL_CAMELLIA128 0x00000100L
#define SSL_CAMELLIA256 0x00000200L
-#define SSL_eGOST2814789CNT 0x00000400L
-#define SSL_SEED 0x00000800L
-#define SSL_AES128GCM 0x00001000L
-#define SSL_AES256GCM 0x00002000L
-#define SSL_CHACHA20POLY1305 0x00004000L
+#define SSL_SEED 0x00000400L
+#define SSL_AES128GCM 0x00000800L
+#define SSL_AES256GCM 0x00001000L
+#define SSL_CHACHA20POLY1305 0x00002000L
#define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
@@ -324,12 +320,10 @@
#define SSL_MD5 0x00000001L
#define SSL_SHA1 0x00000002L
-#define SSL_GOST94 0x00000004L
-#define SSL_GOST89MAC 0x00000008L
-#define SSL_SHA256 0x00000010L
-#define SSL_SHA384 0x00000020L
+#define SSL_SHA256 0x00000004L
+#define SSL_SHA384 0x00000008L
/* Not a real MAC, just an indication it is part of cipher */
-#define SSL_AEAD 0x00000040L
+#define SSL_AEAD 0x00000010L
/* Bits for algorithm_ssl (protocol version) */
#define SSL_SSLV2 0x00000001L
@@ -342,14 +336,13 @@
#define SSL_HANDSHAKE_MAC_MD5 0x10
#define SSL_HANDSHAKE_MAC_SHA 0x20
-#define SSL_HANDSHAKE_MAC_GOST94 0x40
-#define SSL_HANDSHAKE_MAC_SHA256 0x80
-#define SSL_HANDSHAKE_MAC_SHA384 0x100
+#define SSL_HANDSHAKE_MAC_SHA256 0x40
+#define SSL_HANDSHAKE_MAC_SHA384 0x80
#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
* make sure to update this constant too */
-#define SSL_MAX_DIGEST 6
+#define SSL_MAX_DIGEST 4
#define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT)
@@ -358,13 +351,8 @@
#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
-/* Stream MAC for GOST ciphersuites from cryptopro draft
- * (currently this also goes into algorithm2) */
-#define TLS1_STREAM_MAC 0x04
-
#define TLSEXT_CHANNEL_ID_SIZE 128
/* SSL_CIPHER_ALGORITHM2_AEAD is a flag in SSL_CIPHER.algorithm2 which
@@ -476,9 +464,7 @@
#define SSL_PKEY_DH_RSA 3
#define SSL_PKEY_DH_DSA 4
#define SSL_PKEY_ECC 5
-#define SSL_PKEY_GOST94 6
-#define SSL_PKEY_GOST01 7
-#define SSL_PKEY_NUM 8
+#define SSL_PKEY_NUM 6
/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
* <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
