diff options
author | Andy Polyakov <appro@openssl.org> | 2011-07-11 14:00:43 +0000 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2011-07-11 14:00:43 +0000 |
commit | 146e1fc7b3d4bbc6b940b939750d05c72135ae51 (patch) | |
tree | 989b714f9a6201ee6bbf8a51a7ad8482601df021 | |
parent | 7532071aa3ad7845b53f6943327c75b7c0b3e37c (diff) |
ssl/ssl_ciph.c: allow to switch to predefined "composite" cipher/mac
combos that can be implemented as AEAD ciphers.
-rw-r--r-- | ssl/ssl_ciph.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 87a9f68ce9..b0542d1b4a 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -583,8 +583,29 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i]; } - if ((*enc != NULL) && (*md != NULL) && (!mac_pkey_type||*mac_pkey_type != NID_undef)) + if ((*enc != NULL) && + (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && + (!mac_pkey_type||*mac_pkey_type != NID_undef)) + { + const EVP_CIPHER *evp; + + if (s->ssl_version >= TLS1_VERSION && + c->algorithm_enc == SSL_RC4 && + c->algorithm_mac == SSL_MD5 && + (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) + *enc = evp, *md = NULL; + else if (s->ssl_version >= TLS1_VERSION && + c->algorithm_enc == SSL_AES128 && + c->algorithm_mac == SSL_SHA1 && + (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) + *enc = evp, *md = NULL; + else if (s->ssl_version >= TLS1_VERSION && + c->algorithm_enc == SSL_AES256 && + c->algorithm_mac == SSL_SHA1 && + (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) + *enc = evp, *md = NULL; return(1); + } else return(0); } |