Use digest indices for signature algorithms.

author Dr. Stephen Henson <steve@openssl.org>

Sun, 29 Nov 2015 16:54:27 +0000 (16:54 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Mon, 30 Nov 2015 03:49:35 +0000 (03:49 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Sun, 29 Nov 2015 16:54:27 +0000 (16:54 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Mon, 30 Nov 2015 03:49:35 +0000 (03:49 +0000)
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c

index 2059fa071f49504ba0512baf79eb5806d598cb36..58fd1fadf6e29c4bd11930cd2a1d96e1d2a573f7 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -230,11 +230,13 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = {
      {SSL_GOST12_256, NID_id_GostR3411_2012_256},  /* SSL_MD_GOST12_256_IDX 6 */
      {SSL_GOST89MAC12, NID_gost_mac_12},           /* SSL_MD_GOST89MAC12_IDX 7 */
      {SSL_GOST12_512, NID_id_GostR3411_2012_512},  /* SSL_MD_GOST12_512_IDX 8 */
-    {0, NID_md5_sha1}           /* SSL_MD_MD5_SHA1_IDX 9 */
+    {0, NID_md5_sha1},          /* SSL_MD_MD5_SHA1_IDX 9 */
+    {0, NID_sha224},            /* SSL_MD_SHA224_IDX 10 */
+    {0, NID_sha512}             /* SSL_MD_SHA512_IDX 11 */
  };
  
  static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
  };
  
  /* Utility function for table lookup */
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index 9d28b97da7ce07b29648936b4cdb7b4040c8675d..b4c62448968e72e6223ebd9d662943e6cbdd5c23 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -406,7 +406,9 @@
  # define SSL_MD_GOST89MAC12_IDX 7
  # define SSL_MD_GOST12_512_IDX  8
  # define SSL_MD_MD5_SHA1_IDX 9
-# define SSL_MAX_DIGEST 10
+# define SSL_MD_SHA224_IDX 10
+# define SSL_MD_SHA512_IDX 11
+# define SSL_MAX_DIGEST 12
  
  /* Bits for algorithm2 (handshake digests and other extra flags) */
  
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index ed6fb0725d78c74c3afa433e5eca091420e3c2b1..0ace6280df761e92ebf1c7cd0dd18d5ce508dfe3 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3254,39 +3254,20 @@ int tls12_get_sigid(const EVP_PKEY *pk)
  typedef struct {
      int nid;
      int secbits;
-    const EVP_MD *(*mfunc) (void);
+    int md_idx;
      unsigned char tlsext_hash;
  } tls12_hash_info;
  
-static const EVP_MD* md_gost94()
-{
-       return EVP_get_digestbynid(NID_id_GostR3411_94);
-}
-
-static const EVP_MD* md_gost2012_256()
-{
-       return EVP_get_digestbynid(NID_id_GostR3411_2012_256);
-}
-
-static const EVP_MD* md_gost2012_512()
-{
-       return EVP_get_digestbynid(NID_id_GostR3411_2012_512);
-}
-
  static const tls12_hash_info tls12_md_info[] = {
-#ifdef OPENSSL_NO_MD5
-    {NID_md5, 64, 0, TLSEXT_hash_md5},
-#else
-    {NID_md5, 64, EVP_md5, TLSEXT_hash_md5},
-#endif
-    {NID_sha1, 80, EVP_sha1, TLSEXT_hash_sha1},
-    {NID_sha224, 112, EVP_sha224, TLSEXT_hash_sha224},
-    {NID_sha256, 128, EVP_sha256, TLSEXT_hash_sha256},
-    {NID_sha384, 192, EVP_sha384, TLSEXT_hash_sha384},
-    {NID_sha512, 256, EVP_sha512, TLSEXT_hash_sha512},
-    {NID_id_GostR3411_94,       128, md_gost94, TLSEXT_hash_gostr3411},
-    {NID_id_GostR3411_2012_256, 128, md_gost2012_256, TLSEXT_hash_gostr34112012_256},
-    {NID_id_GostR3411_2012_512, 256, md_gost2012_512, TLSEXT_hash_gostr34112012_512},
+    {NID_md5, 64, SSL_MD_MD5_IDX, TLSEXT_hash_md5},
+    {NID_sha1, 80, SSL_MD_SHA1_IDX, TLSEXT_hash_sha1},
+    {NID_sha224, 112, SSL_MD_SHA224_IDX, TLSEXT_hash_sha224},
+    {NID_sha256, 128, SSL_MD_SHA256_IDX, TLSEXT_hash_sha256},
+    {NID_sha384, 192, SSL_MD_SHA384_IDX, TLSEXT_hash_sha384},
+    {NID_sha512, 256, SSL_MD_SHA512_IDX, TLSEXT_hash_sha512},
+    {NID_id_GostR3411_94,       128, SSL_MD_GOST94_IDX, TLSEXT_hash_gostr3411},
+    {NID_id_GostR3411_2012_256, 128, SSL_MD_GOST12_256_IDX, TLSEXT_hash_gostr34112012_256},
+    {NID_id_GostR3411_2012_512, 256, SSL_MD_GOST12_512_IDX, TLSEXT_hash_gostr34112012_512},
  };
  
  static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg)
@@ -3310,9 +3291,9 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg)
      if (hash_alg == TLSEXT_hash_md5 && FIPS_mode())
          return NULL;
      inf = tls12_get_hash_info(hash_alg);
-    if (!inf || !inf->mfunc)
+    if (!inf)
          return NULL;
-    return inf->mfunc();
+    return ssl_md(inf->md_idx);
  }
  
  static int tls12_get_pkey_idx(unsigned char sig_alg)
@@ -3374,7 +3355,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, const unsigned char *ptmp)
  {
      /* See if we have an entry in the hash table and it is enabled */
      const tls12_hash_info *hinf = tls12_get_hash_info(ptmp[0]);
-    if (!hinf || !hinf->mfunc)
+    if (hinf == NULL || ssl_md(hinf->md_idx) == NULL)
          return 0;
      /* See if public key algorithm allowed */
      if (tls12_get_pkey_idx(ptmp[1]) == -1)
author	Dr. Stephen Henson <steve@openssl.org>
	Sun, 29 Nov 2015 16:54:27 +0000 (16:54 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Mon, 30 Nov 2015 03:49:35 +0000 (03:49 +0000)
ssl/ssl_ciph.c		patch \| blob \| history
ssl/ssl_locl.h		patch \| blob \| history
ssl/t1_lib.c		patch \| blob \| history