diff options
| author | miod <> | 2015-02-08 22:06:49 +0000 | 
|---|---|---|
| committer | miod <> | 2015-02-08 22:06:49 +0000 | 
| commit | ea97c5bb7f464380dd0050c7b8354e498c66bbbd (patch) | |
| tree | 13ca6fa43a2bc64d15ad272002438d4c80a91e97 /src/lib/libssl/s3_lib.c | |
| parent | 82244026401d9ba960370541d549b4371a5e6e76 (diff) | |
| download | openbsd-ea97c5bb7f464380dd0050c7b8354e498c66bbbd.tar.gz openbsd-ea97c5bb7f464380dd0050c7b8354e498c66bbbd.tar.bz2 openbsd-ea97c5bb7f464380dd0050c7b8354e498c66bbbd.zip | |
Rely upon enc_flags rather than the tls version, to upgrade SHA1+MD5 to
SHA256 in ssl_get_algorithm2().
From OpenSSL HEAD; ok jsing@
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 8 | 
1 files changed, 4 insertions, 4 deletions
| diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index aae497abed..c6062934dc 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.94 2015/02/07 05:46:01 jsing Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.95 2015/02/08 22:06:49 miod Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -2850,15 +2850,15 @@ ssl3_renegotiate_check(SSL *s) | |||
| 2850 | return (ret); | 2850 | return (ret); | 
| 2851 | } | 2851 | } | 
| 2852 | /* | 2852 | /* | 
| 2853 | * If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch | 2853 | * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF | 
| 2854 | * to new SHA256 PRF and handshake macs | 2854 | * and handshake macs if required. | 
| 2855 | */ | 2855 | */ | 
| 2856 | long | 2856 | long | 
| 2857 | ssl_get_algorithm2(SSL *s) | 2857 | ssl_get_algorithm2(SSL *s) | 
| 2858 | { | 2858 | { | 
| 2859 | long alg2 = s->s3->tmp.new_cipher->algorithm2; | 2859 | long alg2 = s->s3->tmp.new_cipher->algorithm2; | 
| 2860 | 2860 | ||
| 2861 | if (s->method->version == TLS1_2_VERSION && | 2861 | if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF && | 
| 2862 | alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) | 2862 | alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) | 
| 2863 | return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; | 2863 | return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; | 
| 2864 | return alg2; | 2864 | return alg2; | 
