1 files changed, 7 insertions, 25 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 6998645691..e429bdeafc 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.101 2018/09/03 17:45:24 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.102 2018/09/03 18:00:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -603,30 +603,12 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                        *mac_secret_size = ssl_mac_secret_size[i];
        }
-        if ((*enc != NULL) &&
+        if (*enc != NULL &&
-            (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
+            (*md != NULL || (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER)) &&
-            (!mac_pkey_type || *mac_pkey_type != NID_undef)) {
+            (!mac_pkey_type || *mac_pkey_type != NID_undef))
-                const EVP_CIPHER *evp;
+                return 1;
-                if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR ||
+        return 0;
-                    s->ssl_version < TLS1_VERSION)
-                        return 1;
-                if (c->algorithm_enc == SSL_RC4 &&
-                    c->algorithm_mac == SSL_MD5 &&
-                    (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
-                        *enc = evp, *md = NULL;
-                else if (c->algorithm_enc == SSL_AES128 &&
-                    c->algorithm_mac == SSL_SHA1 &&
-                    (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
-                        *enc = evp, *md = NULL;
-                else if (c->algorithm_enc == SSL_AES256 &&
-                    c->algorithm_mac == SSL_SHA1 &&
-                    (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
-                        *enc = evp, *md = NULL;
-                return (1);
-        } else
-                return (0);
 }
 /*

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 6998645691..e429bdeafc 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_ciph.c,v 1.101 2018/09/03 17:45:24 jsing Exp $ */	1	/* $OpenBSD: ssl_ciph.c,v 1.102 2018/09/03 18:00:50 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -603,30 +603,12 @@ ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
603	*mac_secret_size = ssl_mac_secret_size[i];	603	*mac_secret_size = ssl_mac_secret_size[i];
604	}	604	}
605		605
606	if ((*enc != NULL) &&	606	if (*enc != NULL &&
607	(md != NULL \|\| (EVP_CIPHER_flags(enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&	607	(md != NULL \|\| (EVP_CIPHER_flags(enc) & EVP_CIPH_FLAG_AEAD_CIPHER)) &&
608	(!mac_pkey_type \|\| *mac_pkey_type != NID_undef)) {	608	(!mac_pkey_type \|\| *mac_pkey_type != NID_undef))
609	const EVP_CIPHER *evp;	609	return 1;
610		610
611	if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR \|\|	611	return 0;
612	s->ssl_version < TLS1_VERSION)
613	return 1;
614
615	if (c->algorithm_enc == SSL_RC4 &&
616	c->algorithm_mac == SSL_MD5 &&
617	(evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
618	enc = evp, md = NULL;
619	else if (c->algorithm_enc == SSL_AES128 &&
620	c->algorithm_mac == SSL_SHA1 &&
621	(evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
622	enc = evp, md = NULL;
623	else if (c->algorithm_enc == SSL_AES256 &&
624	c->algorithm_mac == SSL_SHA1 &&
625	(evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
626	enc = evp, md = NULL;
627	return (1);
628	} else
629	return (0);
630	}	612	}
631		613
632	/*	614	/*