-/* $OpenBSD: s3_lib.c,v 1.203 2021/02/07 15:12:52 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.204 2021/02/07 15:26:32 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
}
return (ret);
}
-/*
- * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF
- * and handshake macs if required.
- */
-long
-ssl_get_algorithm2(SSL *s)
-{
- long alg2 = S3I(s)->hs.new_cipher->algorithm2;
-
- if (SSL_USE_SHA256_PRF(s) &&
- alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
- return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
- return alg2;
-}
-/* $OpenBSD: ssl_ciph.c,v 1.119 2020/09/13 16:49:05 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.120 2021/02/07 15:26:32 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int
ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
{
+ unsigned long handshake_mac;
+
*md = NULL;
- switch (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_MASK) {
+ if (S3I(s)->hs.new_cipher == NULL)
+ return 0;
+
+ handshake_mac = S3I(s)->hs.new_cipher->algorithm2 &
+ SSL_HANDSHAKE_MAC_MASK;
+
+ /* For TLSv1.2 we upgrade the default MD5+SHA1 MAC to SHA256. */
+ if (SSL_USE_SHA256_PRF(s) && handshake_mac == SSL_HANDSHAKE_MAC_DEFAULT)
+ handshake_mac = SSL_HANDSHAKE_MAC_SHA256;
+
+ switch (handshake_mac) {
case SSL_HANDSHAKE_MAC_DEFAULT:
*md = EVP_md5_sha1();
return 1;
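Review bot: The upgrade test in ssl_get_handshake_evp_md() now compares only the masked bits, `handshake_mac == SSL_HANDSHAKE_MAC_DEFAULT`, whereas the removed ssl_get_algorithm2() required the whole `algorithm2` word to equal `SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF`. A cipher with the default handshake MAC plus any other algorithm2 bit stayed on MD5+SHA1 before and is moved to SHA256 now; whether any cipher in the table is affected is not visible here. That looks like the safer result for TLSv1.2, but it is a behaviour change, so the comment could state it: `/* For TLSv1.2 the default MD5+SHA1 handshake MAC is always replaced by SHA256, whatever other algorithm2 bits are set. */`. The new early `return 0` on a NULL `hs.new_cipher` leaves `*md` as NULL, so it is worth confirming that every caller checks the return value before using the digest. The callers and the rest of the switch lie outside this hunk.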
-/* $OpenBSD: ssl_clnt.c,v 1.77 2021/02/07 15:04:10 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.78 2021/02/07 15:26:32 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
goto err;
}
- if (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_GOST94)
+ /* XXX check handshake hash instead. */
+ if (S3I(s)->hs.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
nid = NID_id_GostR3411_94;
else
nid = NID_id_tc26_gost3411_2012_256;
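Review bot: The replacement condition dereferences `S3I(s)->hs.new_cipher` with no guard, while the same commit adds `if (S3I(s)->hs.new_cipher == NULL) return 0;` to ssl_get_handshake_evp_md(). The removed helper dereferenced it the same way, so this is not a regression, and the enclosing function starts outside the hunk, so whether a NULL cipher can reach this point cannot be judged from here. The `XXX` comment would be more useful if it named the intended replacement, for example `/* XXX - derive nid from ssl_get_handshake_evp_md() instead of the cipher's algorithm2 bits. */`, since that route would also pick up the NULL check.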
-/* $OpenBSD: ssl_locl.h,v 1.319 2021/02/07 15:04:10 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.320 2021/02/07 15:26:32 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int tls1_process_ticket(SSL *s, CBS *ext_block, int *alert, SSL_SESSION **ret);
-long ssl_get_algorithm2(SSL *s);
-
int tls1_check_ec_server_key(SSL *s);
/* s3_cbc.c */