Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md().

The mess that is ssl_get_algorithm2() only exists to upgrade the handshake
MAC of a pre-TLSv1.2 cipher suite to SHA256 when used with TLSv1.2. We can
readily do this in ssl_get_handshake_evp_md(), which is far more readable.

ok tb@

1 files changed, 14 insertions, 2 deletions

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index fd576cee7b..1ffd90dc16 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.119 2020/09/13 16:49:05 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.120 2021/02/07 15:26:32 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -559,9 +559,21 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *ss, const EVP_AEAD **aead)
 int
 ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
 {
+        unsigned long handshake_mac;
+
         *md = NULL;
 
-        switch (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_MASK) {
+        if (S3I(s)->hs.new_cipher == NULL)
+                return 0;
+
+        handshake_mac = S3I(s)->hs.new_cipher->algorithm2 &
+            SSL_HANDSHAKE_MAC_MASK;
+
+        /* For TLSv1.2 we upgrade the default MD5+SHA1 MAC to SHA256. */
+        if (SSL_USE_SHA256_PRF(s) && handshake_mac == SSL_HANDSHAKE_MAC_DEFAULT)
+                handshake_mac = SSL_HANDSHAKE_MAC_SHA256;
+
+        switch (handshake_mac) {
         case SSL_HANDSHAKE_MAC_DEFAULT:
                 *md = EVP_md5_sha1();
                 return 1;