Use digest tables for defaults.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 4e3c1e505fc9abcd64866103e5ca2e1160d29b81..2059fa071f49504ba0512baf79eb5806d598cb36 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -712,7 +712,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
         return (0);
 }
 
         return (0);
 }
 

-static const EVP_MD *ssl_cipher_table_idx(int idx)
+const EVP_MD *ssl_md(int idx)

 {
     idx &= SSL_HANDSHAKE_MAC_MASK;
     if (idx < 0 || idx >= SSL_MD_NUM_IDX)
 {
     idx &= SSL_HANDSHAKE_MAC_MASK;
     if (idx < 0 || idx >= SSL_MD_NUM_IDX)


@@ -722,12 +722,12 @@ static const EVP_MD *ssl_cipher_table_idx(int idx)
 
 const EVP_MD *ssl_handshake_md(SSL *s)
 {
 
 const EVP_MD *ssl_handshake_md(SSL *s)
 {

-    return ssl_cipher_table_idx(ssl_get_algorithm2(s));
+    return ssl_md(ssl_get_algorithm2(s));

 }
 
 const EVP_MD *ssl_prf_md(SSL *s)
 {
 }
 
 const EVP_MD *ssl_prf_md(SSL *s)
 {

-    return ssl_cipher_table_idx(ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
+    return ssl_md(ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);

 }
 
 #define ITEM_SEP(a) \
 }
 
 #define ITEM_SEP(a) \

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 0cbb3cc57fcb36cefd5b723936e9e7a74131c17d..9d28b97da7ce07b29648936b4cdb7b4040c8675d 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2139,6 +2139,7 @@ __owur int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
 __owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al);
 
 __owur int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen);
 __owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al);
 
 __owur int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen);

+__owur const EVP_MD *ssl_md(int idx);

 __owur const EVP_MD *ssl_handshake_md(SSL *s);
 __owur const EVP_MD *ssl_prf_md(SSL *s);
 
 __owur const EVP_MD *ssl_handshake_md(SSL *s);
 __owur const EVP_MD *ssl_prf_md(SSL *s);
 

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2784fa1f2362dd7fa75c255f9df9d21384411c32..ed6fb0725d78c74c3afa433e5eca091420e3c2b1 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2706,22 +2706,22 @@ void ssl_set_default_md(SSL *s)
 {
     const EVP_MD **pmd = s->s3->tmp.md;
 #ifndef OPENSSL_NO_DSA
 {
     const EVP_MD **pmd = s->s3->tmp.md;
 #ifndef OPENSSL_NO_DSA

-    pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1();
+    pmd[SSL_PKEY_DSA_SIGN] = ssl_md(SSL_MD_SHA1_IDX);

 #endif
 #ifndef OPENSSL_NO_RSA
     if (SSL_USE_SIGALGS(s))
 #endif
 #ifndef OPENSSL_NO_RSA
     if (SSL_USE_SIGALGS(s))

-        pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1();
+        pmd[SSL_PKEY_RSA_SIGN] = ssl_md(SSL_MD_SHA1_IDX);

     else
     else

-        pmd[SSL_PKEY_RSA_SIGN] = EVP_md5_sha1();
+        pmd[SSL_PKEY_RSA_SIGN] = ssl_md(SSL_MD_MD5_SHA1_IDX);

     pmd[SSL_PKEY_RSA_ENC] = pmd[SSL_PKEY_RSA_SIGN];
 #endif
 #ifndef OPENSSL_NO_EC
     pmd[SSL_PKEY_RSA_ENC] = pmd[SSL_PKEY_RSA_SIGN];
 #endif
 #ifndef OPENSSL_NO_EC

-    pmd[SSL_PKEY_ECC] = EVP_sha1();
+    pmd[SSL_PKEY_ECC] = ssl_md(SSL_MD_SHA1_IDX);

 #endif
 #ifndef OPENSSL_NO_GOST
 #endif
 #ifndef OPENSSL_NO_GOST

-    pmd[SSL_PKEY_GOST01] = EVP_get_digestbynid(NID_id_GostR3411_94);
-    pmd[SSL_PKEY_GOST12_256] = EVP_get_digestbynid(NID_id_GostR3411_2012_256);
-    pmd[SSL_PKEY_GOST12_512] = EVP_get_digestbynid(NID_id_GostR3411_2012_512);
+    pmd[SSL_PKEY_GOST01] = ssl_md(SSL_MD_GOST94_IDX);
+    pmd[SSL_PKEY_GOST12_256] = ssl_md(SSL_MD_GOST12_256_IDX);
+    pmd[SSL_PKEY_GOST12_512] = ssl_md(SSL_MD_GOST12_512_IDX);

 #endif
 }
 
 #endif
 }