提交 6cbebb55 编写于 作者: D Dr. Stephen Henson

Remove peer_md and use peer_sigalg instead.

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2324)
上级 44b6318f
......@@ -1300,8 +1300,6 @@ typedef struct ssl3_state_st {
size_t peer_sigalgslen;
/* Sigalg peer actualy uses */
const SIGALG_LOOKUP *peer_sigalg;
/* Digest peer uses for signing */
const EVP_MD *peer_md;
/* Array of digests used for signing */
const EVP_MD *md[SSL_PKEY_NUM];
/*
......
......@@ -1981,7 +1981,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
al = SSL_AD_DECODE_ERROR;
goto err;
}
md = s->s3->tmp.peer_md;
md = ssl_md(s->s3->tmp.peer_sigalg->hash_idx);
#ifdef SSL_DEBUG
fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
#endif
......
......@@ -340,7 +340,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
al = SSL_AD_DECODE_ERROR;
goto f_err;
}
md = s->s3->tmp.peer_md;
md = ssl_md(s->s3->tmp.peer_sigalg->hash_idx);
#ifdef SSL_DEBUG
fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
#endif
......
......@@ -937,10 +937,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE);
return 0;
}
/*
* Store the digest used so applications can retrieve it if they wish.
*/
s->s3->tmp.peer_md = md;
/* Store the sigalg the peer uses */
s->s3->tmp.peer_sigalg = lu;
return 1;
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册