diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2015-11-29 16:27:08 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2015-11-30 00:32:57 +0000 |
| commit | 152fbc28e80f46dd1183989b3839e89031631806 (patch) | |
| tree | fc2dba11016da2a1d0612527a7f1c00108989372 | |
| parent | 9446daac5b7be3210e9c5d80c3d95309d946ee38 (diff) | |
Use digest tables for defaults.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
| -rw-r--r-- | ssl/ssl_ciph.c | 6 | ||||
| -rw-r--r-- | ssl/ssl_locl.h | 1 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 14 |
3 files changed, 11 insertions, 10 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 4e3c1e505f..2059fa071f 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -712,7 +712,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, return (0); } -static const EVP_MD *ssl_cipher_table_idx(int idx) +const EVP_MD *ssl_md(int idx) { idx &= SSL_HANDSHAKE_MAC_MASK; if (idx < 0 || idx >= SSL_MD_NUM_IDX) @@ -722,12 +722,12 @@ static const EVP_MD *ssl_cipher_table_idx(int idx) const EVP_MD *ssl_handshake_md(SSL *s) { - return ssl_cipher_table_idx(ssl_get_algorithm2(s)); + return ssl_md(ssl_get_algorithm2(s)); } const EVP_MD *ssl_prf_md(SSL *s) { - return ssl_cipher_table_idx(ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT); + return ssl_md(ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT); } #define ITEM_SEP(a) \ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 0cbb3cc57f..9d28b97da7 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2139,6 +2139,7 @@ __owur int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, __owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al); __owur int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen); +__owur const EVP_MD *ssl_md(int idx); __owur const EVP_MD *ssl_handshake_md(SSL *s); __owur const EVP_MD *ssl_prf_md(SSL *s); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 2784fa1f23..ed6fb0725d 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2706,22 +2706,22 @@ void ssl_set_default_md(SSL *s) { const EVP_MD **pmd = s->s3->tmp.md; #ifndef OPENSSL_NO_DSA - pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1(); + pmd[SSL_PKEY_DSA_SIGN] = ssl_md(SSL_MD_SHA1_IDX); #endif #ifndef OPENSSL_NO_RSA if (SSL_USE_SIGALGS(s)) - pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1(); + pmd[SSL_PKEY_RSA_SIGN] = ssl_md(SSL_MD_SHA1_IDX); else - pmd[SSL_PKEY_RSA_SIGN] = EVP_md5_sha1(); + pmd[SSL_PKEY_RSA_SIGN] = ssl_md(SSL_MD_MD5_SHA1_IDX); pmd[SSL_PKEY_RSA_ENC] = pmd[SSL_PKEY_RSA_SIGN]; #endif #ifndef OPENSSL_NO_EC - pmd[SSL_PKEY_ECC] = EVP_sha1(); + pmd[SSL_PKEY_ECC] = ssl_md(SSL_MD_SHA1_IDX); #endif #ifndef OPENSSL_NO_GOST - pmd[SSL_PKEY_GOST01] = EVP_get_digestbynid(NID_id_GostR3411_94); - pmd[SSL_PKEY_GOST12_256] = EVP_get_digestbynid(NID_id_GostR3411_2012_256); - pmd[SSL_PKEY_GOST12_512] = EVP_get_digestbynid(NID_id_GostR3411_2012_512); + pmd[SSL_PKEY_GOST01] = ssl_md(SSL_MD_GOST94_IDX); + pmd[SSL_PKEY_GOST12_256] = ssl_md(SSL_MD_GOST12_256_IDX); + pmd[SSL_PKEY_GOST12_512] = ssl_md(SSL_MD_GOST12_512_IDX); #endif } |