Remove peer_md and use peer_sigalg instead.

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
2017-01-30 18:10:17 +00:00 · 2017-01-30 18:10:17 +00:00 · 6cbebb5516
commit 6cbebb5516
parent 44b6318f48
4 changed files with 3 additions and 8 deletions
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@ -1300,8 +1300,6 @@ typedef struct ssl3_state_st {
        size_t peer_sigalgslen;
        /* Sigalg peer actualy uses */
        const SIGALG_LOOKUP *peer_sigalg;
-        /* Digest peer uses for signing */
-        const EVP_MD *peer_md;
        /* Array of digests used for signing */
        const EVP_MD *md[SSL_PKEY_NUM];
        /*
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@ -1981,7 +1981,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
                al = SSL_AD_DECODE_ERROR;
                goto err;
            }
-            md = s->s3->tmp.peer_md;
+            md = ssl_md(s->s3->tmp.peer_sigalg->hash_idx);
 #ifdef SSL_DEBUG
            fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
 #endif
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@ -340,7 +340,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
                al = SSL_AD_DECODE_ERROR;
                goto f_err;
            }
-            md = s->s3->tmp.peer_md;
+            md = ssl_md(s->s3->tmp.peer_sigalg->hash_idx);
 #ifdef SSL_DEBUG
            fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
 #endif
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -937,10 +937,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
        SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE);
        return 0;
    }
-    /*
-     * Store the digest used so applications can retrieve it if they wish.
-     */
-    s->s3->tmp.peer_md = md;
+    /* Store the sigalg the peer uses */
    s->s3->tmp.peer_sigalg = lu;
    return 1;
 }