From 6cbebb5516e0a505f7e4cfe286eb2ef0f0eca9a2 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 30 Jan 2017 18:10:17 +0000
Subject: [PATCH] Remove peer_md and use peer_sigalg instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2324)
---
 ssl/ssl_locl.h           | 2 --
 ssl/statem/statem_clnt.c | 2 +-
 ssl/statem/statem_lib.c  | 2 +-
 ssl/t1_lib.c             | 5 +----
 4 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 7fc4ef33c2..76e3a737a7 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1300,8 +1300,6 @@ typedef struct ssl3_state_st {
         size_t peer_sigalgslen;
         /* Sigalg peer actualy uses */
         const SIGALG_LOOKUP *peer_sigalg;
-        /* Digest peer uses for signing */
-        const EVP_MD *peer_md;
         /* Array of digests used for signing */
         const EVP_MD *md[SSL_PKEY_NUM];
         /*
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 7053ef29ba..e5c60aee78 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1981,7 +1981,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
                 al = SSL_AD_DECODE_ERROR;
                 goto err;
             }
-            md = s->s3->tmp.peer_md;
+            md = ssl_md(s->s3->tmp.peer_sigalg->hash_idx);
 #ifdef SSL_DEBUG
             fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
 #endif
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index a05b67f1ea..e21a1027da 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -340,7 +340,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
                 al = SSL_AD_DECODE_ERROR;
                 goto f_err;
             }
-            md = s->s3->tmp.peer_md;
+            md = ssl_md(s->s3->tmp.peer_sigalg->hash_idx);
 #ifdef SSL_DEBUG
             fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
 #endif
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 74b37e05bb..ad6ac5f26b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -937,10 +937,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
         SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE);
         return 0;
     }
-    /*
-     * Store the digest used so applications can retrieve it if they wish.
-     */
-    s->s3->tmp.peer_md = md;
+    /* Store the sigalg the peer uses */
     s->s3->tmp.peer_sigalg = lu;
     return 1;
 }
-- 
2.25.1