diff options
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index fd576cee7b..1ffd90dc16 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_ciph.c,v 1.119 2020/09/13 16:49:05 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_ciph.c,v 1.120 2021/02/07 15:26:32 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -559,9 +559,21 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *ss, const EVP_AEAD **aead) | |||
| 559 | int | 559 | int |
| 560 | ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md) | 560 | ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md) |
| 561 | { | 561 | { |
| 562 | unsigned long handshake_mac; | ||
| 563 | |||
| 562 | *md = NULL; | 564 | *md = NULL; |
| 563 | 565 | ||
| 564 | switch (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_MASK) { | 566 | if (S3I(s)->hs.new_cipher == NULL) |
| 567 | return 0; | ||
| 568 | |||
| 569 | handshake_mac = S3I(s)->hs.new_cipher->algorithm2 & | ||
| 570 | SSL_HANDSHAKE_MAC_MASK; | ||
| 571 | |||
| 572 | /* For TLSv1.2 we upgrade the default MD5+SHA1 MAC to SHA256. */ | ||
| 573 | if (SSL_USE_SHA256_PRF(s) && handshake_mac == SSL_HANDSHAKE_MAC_DEFAULT) | ||
| 574 | handshake_mac = SSL_HANDSHAKE_MAC_SHA256; | ||
| 575 | |||
| 576 | switch (handshake_mac) { | ||
| 565 | case SSL_HANDSHAKE_MAC_DEFAULT: | 577 | case SSL_HANDSHAKE_MAC_DEFAULT: |
| 566 | *md = EVP_md5_sha1(); | 578 | *md = EVP_md5_sha1(); |
| 567 | return 1; | 579 | return 1; |