author | 2017-03-05 14:39:53 +0000 | |
---|---|---|
committer | 2017-03-05 14:39:53 +0000 | |
commit | 366dc2a2e9ef223ce3418b3d76bba648547d45ef (patch) | |
tree | d9fd995f7169f30e2e7cdc7ee6ee0edc127c064f /lib/libssl/ssl_ciph.c | |
parent | Convert various handshake message generation functions to CBB. (diff) | |
Provide a rolling handshake hash that commences as soon as the cipher
suite has been selected, and convert the final finish MAC to use this
handshake hash.
This is a first step towards cleaning up the current handshake
buffer/digest code.
ok beck@ inoguchi@
Diffstat (limited to 'lib/libssl/ssl_ciph.c')
-rw-r--r-- | lib/libssl/ssl_ciph.c | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index 3e991fa5772..da48765aba2 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.94 2017/02/21 15:28:27 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.95 2017/03/05 14:39:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -719,6 +719,34 @@ ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
 return 1;
 }
 
+int
+ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
+{
+ *md = NULL;
+
+ switch (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_MASK) {
+ case SSL_HANDSHAKE_MAC_DEFAULT:
+ *md = EVP_md5_sha1();
+ return 1;
+ case SSL_HANDSHAKE_MAC_GOST94:
+ *md = EVP_gostr341194();
+ return 1;
+ case SSL_HANDSHAKE_MAC_SHA256:
+ *md = EVP_sha256();
+ return 1;
+ case SSL_HANDSHAKE_MAC_SHA384:
+ *md = EVP_sha384();
+ return 1;
+ case SSL_HANDSHAKE_MAC_STREEBOG256:
+ *md = EVP_streebog256();
+ return 1;
+ default:
+ break;
+ }
+
+ return 0;
+}
+
 #define ITEM_SEP(a) \
 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) |
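Review bot: `ssl_get_handshake_evp_md()` is added without a comment stating its contract, and the contract matters because, per the commit message, the digest it selects drives the rolling handshake hash and the final finish MAC: for an unrecognised `SSL_HANDSHAKE_MAC_MASK` value it returns 0 and leaves `*md` NULL. I would add above the function `/* Select the handshake hash for the negotiated cipher suite; returns 1 on success, 0 with *md == NULL if the MAC bits are unknown - callers must fail the handshake on 0. */`. The callers are not part of this file section, so whether each one checks the return value before handing `*md` to a digest initialisation cannot be confirmed from here and is worth verifying. The switch also appears to restate a mapping that `ssl_get_handshake_digest()` (named in the hunk header) already holds, so a short note that the two must be kept in step when a digest is added or removed would help until the older path is retired.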