From: Tomas Mraz Date: Fri, 26 Mar 2021 16:50:03 +0000 (+0100) Subject: OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256 X-Git-Tag: openssl-3.0.0-alpha14~64 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e2e20129a9b9f898d382d199f9debdb549b882ff;p=thirdparty%2Fopenssl.git OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256 The comment is bogus as that call for NID_sha256 does not do anything else than looking up the string in an internal table. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14703) --- diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index f5b063319b8..1b491e7f922 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4275,12 +4275,8 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (prefer_sha256) { const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii); - /* - * TODO: When there are no more legacy digests we can just use - * OSSL_DIGEST_NAME_SHA2_256 instead of calling OBJ_nid2sn - */ if (EVP_MD_is_a(ssl_md(s->ctx, tmp->algorithm2), - OBJ_nid2sn(NID_sha256))) { + OSSL_DIGEST_NAME_SHA2_256)) { ret = tmp; break; }
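Review bot: In the `EVP_MD_is_a(...)` call under `if (prefer_sha256)`, the new argument `OSSL_DIGEST_NAME_SHA2_256` is a drop-in for `OBJ_nid2sn(NID_sha256)` only if `EVP_MD_is_a` accepts both names for every `EVP_MD` that `ssl_md(s->ctx, tmp->algorithm2)` can return at this point. The removed TODO made the switch conditional on there being "no more legacy digests". The commit message explains that `OBJ_nid2sn` is just a table lookup, but it does not say why the legacy-digest condition no longer matters on this path. I would state that reasoning in the commit message. I would also add a test that exercises the `prefer_sha256` branch, so that a mismatch between the two names shows up as a changed cipher selection instead of passing unnoticed.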