[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Tue Jan 15 11:50:48 UTC 2019


The branch master has been updated
       via  ea09abc80892920ee5db4de82bed7a193b5896f0 (commit)
       via  7fe0ed75e3e7760226a0a3a5a86cf3887004f6e4 (commit)
      from  d63bde7827b0be1172f823baf25309b54aa87e0f (commit)


- Log -----------------------------------------------------------------
commit ea09abc80892920ee5db4de82bed7a193b5896f0
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Jan 14 16:37:14 2019 +0000

    Don't get the mac type in TLSv1.3
    
    We don't use this information so we shouldn't fetch it. As noted in the
    comments in #8005.
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/8020)

commit 7fe0ed75e3e7760226a0a3a5a86cf3887004f6e4
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Jan 14 16:36:33 2019 +0000

    Add missing entries in ssl_mac_pkey_id
    
    Fixes #8005
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/8020)

-----------------------------------------------------------------------

Summary of changes:
 ssl/ssl_ciph.c  | 2 ++
 ssl/tls13_enc.c | 4 +---
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index bd97c0f..461a9de 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -171,6 +171,8 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
     EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
     /* GOST2012_512 */
     EVP_PKEY_HMAC,
+    /* MD5/SHA1, SHA224, SHA512 */
+    NID_undef, NID_undef, NID_undef
 };
 
 static size_t ssl_mac_secret_size[SSL_MD_NUM_IDX];
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 6022950..e6cd705 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -323,11 +323,9 @@ int tls13_setup_key_block(SSL *s)
 {
     const EVP_CIPHER *c;
     const EVP_MD *hash;
-    int mac_type = NID_undef;
 
     s->session->cipher = s->s3->tmp.new_cipher;
-    if (!ssl_cipher_get_evp
-        (s->session, &c, &hash, &mac_type, NULL, NULL, 0)) {
+    if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, NULL, 0)) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SETUP_KEY_BLOCK,
                  SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
         return 0;


More information about the openssl-commits mailing list