-/* $OpenBSD: ssl.h,v 1.6 2024/03/02 11:48:55 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.7 2024/07/14 15:39:36 tb Exp $ */
/*
* Copyright (c) 2023 Bob Beck <beck@openbsd.org>
*
LSSL_USED(SSL_set_quic_use_legacy_codepoint);
LSSL_USED(ERR_load_SSL_strings);
LSSL_USED(OPENSSL_init_ssl);
+LSSL_USED(SSL_CIPHER_get_handshake_digest);
#endif /* _LIBSSL_SSL_H */
-/* $OpenBSD: ssl.h,v 1.238 2024/07/13 18:33:18 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.239 2024/07/14 15:39:36 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
+#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
+const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
+#endif
int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
int SSL_get_fd(const SSL *s);
-/* $OpenBSD: ssl_ciph.c,v 1.142 2024/05/09 07:55:48 tb Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.143 2024/07/14 15:39:36 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
handshake_mac = s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_MASK;
+ /* XXX - can we simplify this now that TLSv1.0 and TLSv1.1 are gone? */
/* For TLSv1.2 we upgrade the default MD5+SHA1 MAC to SHA256. */
if (SSL_USE_SHA256_PRF(s) && handshake_mac == SSL_HANDSHAKE_MAC_DEFAULT)
handshake_mac = SSL_HANDSHAKE_MAC_SHA256;
}
LSSL_ALIAS(SSL_CIPHER_get_auth_nid);
+const EVP_MD *
+SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c)
+{
+ switch (c->algorithm2 & SSL_HANDSHAKE_MAC_MASK) {
+ case SSL_HANDSHAKE_MAC_DEFAULT:
+ case SSL_HANDSHAKE_MAC_SHA256:
+ return EVP_sha256();
+ case SSL_HANDSHAKE_MAC_SHA384:
+ return EVP_sha384();
+ default:
+ return NULL;
+ }
+}
+LSSL_ALIAS(SSL_CIPHER_get_handshake_digest);
+
int
SSL_CIPHER_is_aead(const SSL_CIPHER *c)
{
projects / openbsd / commitdiff