3 files changed, 31 insertions, 31 deletions

diff --git a/tests/tls12-cert-key-exchange.c b/tests/tls12-cert-key-exchange.c
index 1271bb3501..862fe85894 100644
--- a/tests/tls12-cert-key-exchange.c
+++ b/tests/tls12-cert-key-exchange.c
@@ -155,10 +155,10 @@ void doit(void)
 		server_priority = "NORMAL:+CTYPE-ALL"
 			":+VKO-GOST-12"
 			":+GROUP-GOST-ALL"
-			":+GOST28147-TC26Z-CNT"
-			":+GOST28147-TC26Z-IMIT"
+			":+CIPHER-GOST-ALL"
+			":+MAC-GOST-ALL"
 			":+SIGN-GOST-ALL";
-		const char *gost_client_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL";
+		const char *gost_client_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL";
 		try_with_key("TLS 1.2 with gost12 256 no-cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_256, GNUTLS_SIGN_UNKNOWN,
 			&server_ca3_gost12_256_cert, &server_ca3_gost12_256_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
 		try_with_key("TLS 1.2 with gost12 256 ask cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_256, GNUTLS_SIGN_UNKNOWN,
diff --git a/tests/tls12-server-kx-neg.c b/tests/tls12-server-kx-neg.c
index 4ae49b226c..e3a2de363a 100644
--- a/tests/tls12-server-kx-neg.c
+++ b/tests/tls12-server-kx-neg.c
@@ -469,8 +469,8 @@ test_case_st tests[] = {
 		.client_ret = GNUTLS_E_AGAIN,
 		.server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS,
 		.not_on_fips = 1,
-		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
-		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2"
 	},
 	{
 		.name = "TLS 1.2 VKO-GOST-12 with cred but no cert",
@@ -478,8 +478,8 @@ test_case_st tests[] = {
 		.server_ret = GNUTLS_E_NO_CIPHER_SUITES,
 		.have_cert_cred = 1,
 		.not_on_fips = 1,
-		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
-		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2"
 	},
 	{
 		.name = "TLS 1.2 VKO-GOST-12 with cred but no GOST cert",
@@ -489,8 +489,8 @@ test_case_st tests[] = {
 		.have_rsa_sign_cert = 1,
 		.have_rsa_decrypt_cert = 1,
 		.not_on_fips = 1,
-		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
-		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2"
 	},
 	{
 		.name = "TLS 1.2 VKO-GOST-12 with cred and GOST12-256 cert",
@@ -499,8 +499,8 @@ test_case_st tests[] = {
 		.have_cert_cred = 1,
 		.have_gost12_256_cert = 1,
 		.not_on_fips = 1,
-		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
-		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2"
 	},
 	{
 		.name = "TLS 1.2 VKO-GOST-12 with cred and GOST12-512 cert",
@@ -509,8 +509,8 @@ test_case_st tests[] = {
 		.have_cert_cred = 1,
 		.have_gost12_512_cert = 1,
 		.not_on_fips = 1,
-		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
-		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2"
 	},
 	{
 		.name = "TLS 1.2 VKO-GOST-12 with cred and multiple certs",
@@ -523,8 +523,8 @@ test_case_st tests[] = {
 		.have_gost12_256_cert = 1,
 		.have_gost12_512_cert = 1,
 		.not_on_fips = 1,
-		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
-		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2"
 	},
 	{
 		.name = "TLS 1.2 VKO-GOST-12 with cred and GOST12-256 cert client lacking signature algs (like SChannel)",
@@ -533,8 +533,8 @@ test_case_st tests[] = {
 		.have_cert_cred = 1,
 		.have_gost12_256_cert = 1,
 		.not_on_fips = 1,
-		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
-		.client_prio = "NONE:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+VERS-TLS1.2:+SIGN-RSA-SHA256"
+		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.client_prio = "NONE:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+VERS-TLS1.2:+SIGN-RSA-SHA256"
 	},
 	{
 		.name = "TLS 1.2 VKO-GOST-12 with cred and GOST12-512 cert client lacking signature algs (like SChannel)",
@@ -543,8 +543,8 @@ test_case_st tests[] = {
 		.have_cert_cred = 1,
 		.have_gost12_512_cert = 1,
 		.not_on_fips = 1,
-		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
-		.client_prio = "NONE:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+VERS-TLS1.2:+SIGN-RSA-SHA256"
+		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.client_prio = "NONE:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+VERS-TLS1.2:+SIGN-RSA-SHA256"
 	},
 #endif
 };
diff --git a/tests/tls13-server-kx-neg.c b/tests/tls13-server-kx-neg.c
index 91651a80a0..a4cca3faaf 100644
--- a/tests/tls13-server-kx-neg.c
+++ b/tests/tls13-server-kx-neg.c
@@ -232,8 +232,8 @@ test_case_st tests[] = {
 		.have_cert_cred = 1,
 		.have_gost12_256_cert = 1,
 		.not_on_fips = 1,
-		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION,
-		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2",
+		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION,
+		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2",
 		.exp_version = GNUTLS_TLS1_2,
 	},
 	{
@@ -243,8 +243,8 @@ test_case_st tests[] = {
 		.have_cert_cred = 1,
 		.have_gost12_512_cert = 1,
 		.not_on_fips = 1,
-		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION,
-		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2",
+		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION,
+		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2",
 		.exp_version = GNUTLS_TLS1_2,
 	},
 	{
@@ -254,8 +254,8 @@ test_case_st tests[] = {
 		.have_cert_cred = 1,
 		.have_gost12_256_cert = 1,
 		.not_on_fips = 1,
-		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2",
-		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION,
+		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2",
+		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION,
 		.exp_version = GNUTLS_TLS1_2,
 	},
 	{
@@ -265,8 +265,8 @@ test_case_st tests[] = {
 		.have_cert_cred = 1,
 		.have_gost12_512_cert = 1,
 		.not_on_fips = 1,
-		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2",
-		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION,
+		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2",
+		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION,
 		.exp_version = GNUTLS_TLS1_2,
 	},
 	/* Ideally for the next two test cases we should fallback to TLS 1.2 + GOST
@@ -278,8 +278,8 @@ test_case_st tests[] = {
 		.have_cert_cred = 1,
 		.have_gost12_256_cert = 1,
 		.not_on_fips = 1,
-		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION,
-		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION,
+		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION,
+		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION,
 		.exp_version = GNUTLS_TLS1_2,
 	},
 	{
@@ -289,8 +289,8 @@ test_case_st tests[] = {
 		.have_cert_cred = 1,
 		.have_gost12_512_cert = 1,
 		.not_on_fips = 1,
-		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION,
-		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION,
+		.server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION,
+		.client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION,
 		.exp_version = GNUTLS_TLS1_2,
 	},
 #endif