[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Tue Jan 15 11:51:03 UTC 2019


The branch OpenSSL_1_1_1-stable has been updated
       via  0c13c8ece1fd88acf757e385bbc865e1e94382ed (commit)
       via  709c6be2f8cd986f54140488d4154fe56825904b (commit)
      from  46c853e03a797946326c030462d708e312f36c4a (commit)


- Log -----------------------------------------------------------------
commit 0c13c8ece1fd88acf757e385bbc865e1e94382ed
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Jan 14 16:37:14 2019 +0000

    Don't get the mac type in TLSv1.3
    
    We don't use this information so we shouldn't fetch it. As noted in the
    comments in #8005.
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/8020)
    
    (cherry picked from commit ea09abc80892920ee5db4de82bed7a193b5896f0)

commit 709c6be2f8cd986f54140488d4154fe56825904b
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Jan 14 16:36:33 2019 +0000

    Add missing entries in ssl_mac_pkey_id
    
    Fixes #8005
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/8020)
    
    (cherry picked from commit 7fe0ed75e3e7760226a0a3a5a86cf3887004f6e4)

-----------------------------------------------------------------------

Summary of changes:
 ssl/ssl_ciph.c  | 2 ++
 ssl/tls13_enc.c | 4 +---
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 14066d0..044dd3a 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -171,6 +171,8 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
     EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
     /* GOST2012_512 */
     EVP_PKEY_HMAC,
+    /* MD5/SHA1, SHA224, SHA512 */
+    NID_undef, NID_undef, NID_undef
 };
 
 static size_t ssl_mac_secret_size[SSL_MD_NUM_IDX];
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index e36b7d3..d663566 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -323,11 +323,9 @@ int tls13_setup_key_block(SSL *s)
 {
     const EVP_CIPHER *c;
     const EVP_MD *hash;
-    int mac_type = NID_undef;
 
     s->session->cipher = s->s3->tmp.new_cipher;
-    if (!ssl_cipher_get_evp
-        (s->session, &c, &hash, &mac_type, NULL, NULL, 0)) {
+    if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, NULL, 0)) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SETUP_KEY_BLOCK,
                  SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
         return 0;


More information about the openssl-commits mailing list