Back-port TLS AEAD framework [from HEAD].

author: Andy Polyakov <appro@openssl.org> 2011-07-21 19:22:57 +0000
committer: Andy Polyakov <appro@openssl.org> 2011-07-21 19:22:57 +0000
commit: 90f3e4cf053ff1a9fcaec0899ffc5428f7cff28e (patch)
tree: d3676121180e0ad767a1eb43491e5c4694a41a4d /ssl/ssl_ciph.c
parent: 7bd8bf58bba469038f8573ee0e819f0a888f675f (diff)
1 files changed, 22 insertions, 1 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 87a9f68ce9..b0542d1b4a 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -583,8 +583,29 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 		if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
 	}	
 
-	if ((*enc != NULL) && (*md != NULL) && (!mac_pkey_type||*mac_pkey_type != NID_undef))
+	if ((*enc != NULL) &&
+	    (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
+	    (!mac_pkey_type||*mac_pkey_type != NID_undef))
+		{
+		const EVP_CIPHER *evp;
+
+		if	(s->ssl_version >= TLS1_VERSION &&
+			 c->algorithm_enc == SSL_RC4 &&
+			 c->algorithm_mac == SSL_MD5 &&
+			 (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
+			*enc = evp, *md = NULL;
+		else if (s->ssl_version >= TLS1_VERSION &&
+			 c->algorithm_enc == SSL_AES128 &&
+			 c->algorithm_mac == SSL_SHA1 &&
+			 (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
+			*enc = evp, *md = NULL;
+		else if (s->ssl_version >= TLS1_VERSION &&
+			 c->algorithm_enc == SSL_AES256 &&
+			 c->algorithm_mac == SSL_SHA1 &&
+			 (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+			*enc = evp, *md = NULL;
 		return(1);
+		}
 	else
 		return(0);
 	}
author	Andy Polyakov <appro@openssl.org>	2011-07-21 19:22:57 +0000
committer	Andy Polyakov <appro@openssl.org>	2011-07-21 19:22:57 +0000
commit	90f3e4cf053ff1a9fcaec0899ffc5428f7cff28e (patch)
tree	d3676121180e0ad767a1eb43491e5c4694a41a4d /ssl/ssl_ciph.c
parent	7bd8bf58bba469038f8573ee0e819f0a888f675f (diff)