From e04ca894aa08b4b01dbc7ead7524d8026ce8f3be Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 5 Mar 2017 14:39:53 +0000
Subject: Provide a rolling handshake hash that commences as soon as the cipher suite has been selected, and convert the final finish MAC to use this handshake hash. This is a first step towards cleaning up the current handshake buffer/digest code. ok beck@ inoguchi@
---
 src/lib/libssl/ssl_ciph.c | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
(limited to 'src/lib/libssl/ssl_ciph.c')
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 3e991fa577..da48765aba 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.94 2017/02/21 15:28:27 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.95 2017/03/05 14:39:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -719,6 +719,34 @@ ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
 return 1;
 }
 
+int
+ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
+{
+ *md = NULL;
+
+ switch (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_MASK) {
+ case SSL_HANDSHAKE_MAC_DEFAULT:
+ *md = EVP_md5_sha1();
+ return 1;
+ case SSL_HANDSHAKE_MAC_GOST94:
+ *md = EVP_gostr341194();
+ return 1;
+ case SSL_HANDSHAKE_MAC_SHA256:
+ *md = EVP_sha256();
+ return 1;
+ case SSL_HANDSHAKE_MAC_SHA384:
+ *md = EVP_sha384();
+ return 1;
+ case SSL_HANDSHAKE_MAC_STREEBOG256:
+ *md = EVP_streebog256();
+ return 1;
+ default:
+ break;
+ }
+
+ return 0;
+}
+
 #define ITEM_SEP(a) \
 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
 
-- 
cgit v1.2.3-55-g6feb
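Review bot: ssl_get_handshake_evp_md() in the second hunk has no comment stating its contract, and the contract matters because the commit message says the final finish MAC now depends on the digest it selects. As written it returns 1 with `*md` set for the five listed `SSL_HANDSHAKE_MAC_*` values and otherwise returns 0 with `*md` left NULL, so a caller that ignores the return value would carry a NULL digest into the hash setup; the callers are not in this diff, so that should be checked there. A short header comment would make the fail-closed behaviour explicit, e.g. `/* Returns 1 and sets *md to the handshake digest selected by ssl_get_algorithm2(s); returns 0 with *md == NULL for an unknown handshake MAC, which callers must treat as fatal. */`. Separately, if this tree can be built with `OPENSSL_NO_GOST`, the `EVP_gostr341194()` and `EVP_streebog256()` cases presumably need that guard too, which I cannot confirm from the hunk.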