Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md().

The mess that is ssl_get_algorithm2() only exists to upgrade the handshake MAC of a pre-TLSv1.2 cipher suite to SHA256 when used with TLSv1.2. We can readily do this in ssl_get_handshake_evp_md(), which is far more readable. ok tb@
author: jsing <> 2021-02-07 15:26:32 +0000
committer: jsing <> 2021-02-07 15:26:32 +0000
commit: adf5489ea8db2ed3bf4f2a1ddecfa1c6c7d1ebe2 (patch)
tree: ea023a4f428381ff72f5edc2aec4d7c062671aff /src/lib/libssl/s3_lib.c
parent: 77acd5ef6aa31c8a997bc2aeb3ed612e5667eb39 (diff)
download: openbsd-adf5489ea8db2ed3bf4f2a1ddecfa1c6c7d1ebe2.tar.gz
openbsd-adf5489ea8db2ed3bf4f2a1ddecfa1c6c7d1ebe2.tar.bz2
openbsd-adf5489ea8db2ed3bf4f2a1ddecfa1c6c7d1ebe2.zip
1 files changed, 1 insertions, 15 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 3df2ef76db..75f71c4c7d 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.203 2021/02/07 15:12:52 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.204 2021/02/07 15:26:32 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2722,17 +2722,3 @@ ssl3_renegotiate_check(SSL *s)
        }
        return (ret);
 }
-/*
- * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF
- * and handshake macs if required.
- */
-long
-ssl_get_algorithm2(SSL *s)
-{
-        long    alg2 = S3I(s)->hs.new_cipher->algorithm2;
-        if (SSL_USE_SHA256_PRF(s) &&
-            alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
-                return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
-        return alg2;
-}
author	jsing <>	2021-02-07 15:26:32 +0000
committer	jsing <>	2021-02-07 15:26:32 +0000
commit	adf5489ea8db2ed3bf4f2a1ddecfa1c6c7d1ebe2 (patch)
tree	ea023a4f428381ff72f5edc2aec4d7c062671aff /src/lib/libssl/s3_lib.c
parent	77acd5ef6aa31c8a997bc2aeb3ed612e5667eb39 (diff)
download	openbsd-adf5489ea8db2ed3bf4f2a1ddecfa1c6c7d1ebe2.tar.gz openbsd-adf5489ea8db2ed3bf4f2a1ddecfa1c6c7d1ebe2.tar.bz2 openbsd-adf5489ea8db2ed3bf4f2a1ddecfa1c6c7d1ebe2.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 3df2ef76db..75f71c4c7d 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.203 2021/02/07 15:12:52 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.204 2021/02/07 15:26:32 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2722,17 +2722,3 @@ ssl3_renegotiate_check(SSL *s)
2722	}	2722	}
2723	return (ret);	2723	return (ret);
2724	}	2724	}
2725	/*
2726	* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF
2727	* and handshake macs if required.
2728	*/
2729	long
2730	ssl_get_algorithm2(SSL *s)
2731	{
2732	long alg2 = S3I(s)->hs.new_cipher->algorithm2;
2733
2734	if (SSL_USE_SHA256_PRF(s) &&
2735	alg2 == (SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF))
2736	return SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256;
2737	return alg2;
2738	}