diff options
author | Matt Caswell <matt@openssl.org> | 2020-08-31 14:43:15 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-09-03 09:40:52 +0100 |
commit | 13c9843cff061304275a1723bcba137280e2e97d (patch) | |
tree | c27b90fb30f3124c7330b6f30d004fd1f0eac171 | |
parent | 820d87bc98c254bb36c46891f3fe4e55bd47f2e7 (diff) | |
download | openssl-13c9843cff061304275a1723bcba137280e2e97d.tar.gz |
Convert ssl3_cbc_digest_record() to use EVP_MD_is_a()
Previously it used EVP_MD_type(), which doesn't work when called inside
the FIPs module.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
-rw-r--r-- | ssl/s3_cbc.c | 21 |
1 files changed, 7 insertions, 14 deletions
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 94492ca293..4895f43568 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -214,8 +214,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md, if (!ossl_assert(data_plus_mac_plus_padding_size < 1024 * 1024)) return 0; - switch (EVP_MD_type(md)) { - case NID_md5: + if (EVP_MD_is_a(md, "MD5")) { if (MD5_Init((MD5_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_md5_final_raw; @@ -224,32 +223,28 @@ int ssl3_cbc_digest_record(const EVP_MD *md, md_size = 16; sslv3_pad_length = 48; length_is_big_endian = 0; - break; - case NID_sha1: + } else if (EVP_MD_is_a(md, "SHA1")) { if (SHA1_Init((SHA_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha1_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA1_Transform; md_size = 20; - break; - case NID_sha224: + } else if (EVP_MD_is_a(md, "SHA2-224")) { if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha256_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; md_size = 224 / 8; - break; - case NID_sha256: + } else if (EVP_MD_is_a(md, "SHA2-256")) { if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha256_final_raw; md_transform = (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; md_size = 32; - break; - case NID_sha384: + } else if (EVP_MD_is_a(md, "SHA2-384")) { if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha512_final_raw; @@ -258,8 +253,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md, md_size = 384 / 8; md_block_size = 128; md_length_size = 16; - break; - case NID_sha512: + } else if (EVP_MD_is_a(md, "SHA2-512")) { if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha512_final_raw; @@ -268,8 +262,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md, md_size = 64; md_block_size = 128; md_length_size = 16; - break; - default: + } else { /* * ssl3_cbc_record_digest_supported should have been called first to * check that the hash function is supported. |