From 152fbc28e80f46dd1183989b3839e89031631806 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sun, 29 Nov 2015 16:27:08 +0000
Subject: [PATCH] Use digest tables for defaults.

Reviewed-by: Viktor Dukhovni
---
 ssl/ssl_ciph.c | 6 +++---
 ssl/ssl_locl.h | 1 +
 ssl/t1_lib.c | 14 +++++++-------
 3 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 4e3c1e505f..2059fa071f 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -712,7 +712,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 return (0);
 }
 
-static const EVP_MD *ssl_cipher_table_idx(int idx)
+const EVP_MD *ssl_md(int idx)
 {
 idx &= SSL_HANDSHAKE_MAC_MASK;
 if (idx < 0 || idx >= SSL_MD_NUM_IDX)
@@ -722,12 +722,12 @@ static const EVP_MD *ssl_cipher_table_idx(int idx)
 
 const EVP_MD *ssl_handshake_md(SSL *s)
 {
- return ssl_cipher_table_idx(ssl_get_algorithm2(s));
+ return ssl_md(ssl_get_algorithm2(s));
 }
 
 const EVP_MD *ssl_prf_md(SSL *s)
 {
- return ssl_cipher_table_idx(ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
+ return ssl_md(ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
 }
 
 #define ITEM_SEP(a) \
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 0cbb3cc57f..9d28b97da7 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2139,6 +2139,7 @@ __owur int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
 __owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al);
 
 __owur int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen);
+__owur const EVP_MD *ssl_md(int idx);
 __owur const EVP_MD *ssl_handshake_md(SSL *s);
 __owur const EVP_MD *ssl_prf_md(SSL *s);
 
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2784fa1f23..ed6fb0725d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
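Review bot: ssl_md() in ssl/ssl_ciph.c loses `static` and becomes a shared helper, but it carries no comment stating its contract, and the body extends past the hunk so the return paths are not visible here. The argument is masked with `SSL_HANDSHAKE_MAC_MASK` before the `idx < 0 || idx >= SSL_MD_NUM_IDX` check, so a caller passing an index with bits outside the mask would get a different digest back instead of a rejection. I would add above the definition `/* Look up a digest by SSL_MD_*_IDX (masked with SSL_HANDSHAKE_MAC_MASK); callers must handle a NULL return. */`, assuming the range-check branch returns NULL. The `__owur` on the new prototype in ssl/ssl_locl.h only warns about an ignored result, not an unchecked NULL.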
@@ -2706,22 +2706,22 @@ void ssl_set_default_md(SSL *s)
 {
 const EVP_MD **pmd = s->s3->tmp.md;
 #ifndef OPENSSL_NO_DSA
- pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1();
+ pmd[SSL_PKEY_DSA_SIGN] = ssl_md(SSL_MD_SHA1_IDX);
 #endif
 #ifndef OPENSSL_NO_RSA
 if (SSL_USE_SIGALGS(s))
- pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1();
+ pmd[SSL_PKEY_RSA_SIGN] = ssl_md(SSL_MD_SHA1_IDX);
 else
- pmd[SSL_PKEY_RSA_SIGN] = EVP_md5_sha1();
+ pmd[SSL_PKEY_RSA_SIGN] = ssl_md(SSL_MD_MD5_SHA1_IDX);
 pmd[SSL_PKEY_RSA_ENC] = pmd[SSL_PKEY_RSA_SIGN];
 #endif
 #ifndef OPENSSL_NO_EC
- pmd[SSL_PKEY_ECC] = EVP_sha1();
+ pmd[SSL_PKEY_ECC] = ssl_md(SSL_MD_SHA1_IDX);
 #endif
 #ifndef OPENSSL_NO_GOST
- pmd[SSL_PKEY_GOST01] = EVP_get_digestbynid(NID_id_GostR3411_94);
- pmd[SSL_PKEY_GOST12_256] = EVP_get_digestbynid(NID_id_GostR3411_2012_256);
- pmd[SSL_PKEY_GOST12_512] = EVP_get_digestbynid(NID_id_GostR3411_2012_512);
+ pmd[SSL_PKEY_GOST01] = ssl_md(SSL_MD_GOST94_IDX);
+ pmd[SSL_PKEY_GOST12_256] = ssl_md(SSL_MD_GOST12_256_IDX);
+ pmd[SSL_PKEY_GOST12_512] = ssl_md(SSL_MD_GOST12_512_IDX);
 #endif
 }
 
-- GitLab
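Review bot: The SHA-1 and MD5+SHA-1 defaults in ssl_set_default_md() are now stored straight from ssl_md() with no NULL check, where they previously came from `EVP_sha1()` and `EVP_md5_sha1()` directly. ssl_md() has a range-check branch and, judging by the commit title, reads from a digest table, so an unavailable digest would presumably leave `pmd[SSL_PKEY_RSA_SIGN]` and the other slots NULL, to be discovered only where the default is later used for signing or verification. The GOST slots could already be NULL via `EVP_get_digestbynid()`, so this widens an existing case rather than creating a new one. Because the function returns void, I would add before the first assignment `/* ssl_md() may return NULL if a digest is not loaded; users of s->s3->tmp.md[] must check. */` and confirm the consumers do.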