diff options
author | Andy Polyakov <appro@openssl.org> | 2011-07-21 19:22:57 +0000 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2011-07-21 19:22:57 +0000 |
commit | 90f3e4cf053ff1a9fcaec0899ffc5428f7cff28e (patch) | |
tree | d3676121180e0ad767a1eb43491e5c4694a41a4d /ssl/ssl_ciph.c | |
parent | 7bd8bf58bba469038f8573ee0e819f0a888f675f (diff) |
Back-port TLS AEAD framework [from HEAD].
Diffstat (limited to 'ssl/ssl_ciph.c')
-rw-r--r-- | ssl/ssl_ciph.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 87a9f68ce9..b0542d1b4a 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -583,8 +583,29 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i]; } - if ((*enc != NULL) && (*md != NULL) && (!mac_pkey_type||*mac_pkey_type != NID_undef)) + if ((*enc != NULL) && + (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && + (!mac_pkey_type||*mac_pkey_type != NID_undef)) + { + const EVP_CIPHER *evp; + + if (s->ssl_version >= TLS1_VERSION && + c->algorithm_enc == SSL_RC4 && + c->algorithm_mac == SSL_MD5 && + (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) + *enc = evp, *md = NULL; + else if (s->ssl_version >= TLS1_VERSION && + c->algorithm_enc == SSL_AES128 && + c->algorithm_mac == SSL_SHA1 && + (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) + *enc = evp, *md = NULL; + else if (s->ssl_version >= TLS1_VERSION && + c->algorithm_enc == SSL_AES256 && + c->algorithm_mac == SSL_SHA1 && + (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) + *enc = evp, *md = NULL; return(1); + } else return(0); } |