diff options
| author |   jsing <jsing@openbsd.org> | 2021-02-07 15:26:32 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2021-02-07 15:26:32 +0000 |
| commit | 605ba3c6f07d2e102b534645d46bcc9a8e041b52 (patch) | |
| tree | abcfc59b82e830f090fa28e5c564d77368809afb /lib/libssl/s3_lib.c | |
| parent | Correct handshake MAC/PRF for various TLSv1.2 cipher suites. (diff) | |
| download | wireguard-openbsd-605ba3c6f07d2e102b534645d46bcc9a8e041b52.tar.xz wireguard-openbsd-605ba3c6f07d2e102b534645d46bcc9a8e041b52.zip | |
Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md().
The mess that is ssl_get_algorithm2() only exists to upgrade the handshake
MAC of a pre-TLSv1.2 cipher suite to SHA256 when used with TLSv1.2. We can
readily do this in ssl_get_handshake_evp_md(), which is far more readable.
ok tb@
Diffstat (limited to 'lib/libssl/s3_lib.c')
| -rw-r--r-- | lib/libssl/s3_lib.c | 16 |
1 files changed, 1 insertions, 15 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 3df2ef76db0..75f71c4c7d3 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.203 2021/02/07 15:12:52 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.204 2021/02/07 15:26:32 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2722,17 +2722,3 @@ ssl3_renegotiate_check(SSL *s) } return (ret); } -/* - * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF - * and handshake macs if required. - */ -long -ssl_get_algorithm2(SSL *s) -{ - long alg2 = S3I(s)->hs.new_cipher->algorithm2; - - if (SSL_USE_SHA256_PRF(s) && - alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) - return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; - return alg2; -} |