1 files changed, 38 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index b3bcc66f66..41004ce50a 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -758,6 +758,13 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
        if (c == NULL)
                return (0);
+        /*
+         * This function does not handle EVP_AEAD.
+         * See ssl_cipher_get_aead_evp instead.
+         */
+        if (c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)
+                return(0);
        if ((enc == NULL) || (md == NULL))
                return (0);
@@ -884,6 +891,37 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                return (0);
 }
+/*
+ * ssl_cipher_get_evp_aead sets aead to point to the correct EVP_AEAD object
+ * for s->cipher. It returns 1 on success and 0 on error.
+ */
+int
+ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
+{
+        const SSL_CIPHER *c = s->cipher;
+        *aead = NULL;
+        if (c == NULL)
+                return 0;
+        if ((c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) == 0)
+                return 0;
+        switch (c->algorithm_enc) {
+#ifndef OPENSSL_NO_AES
+        case SSL_AES128GCM:
+                *aead = EVP_aead_aes_128_gcm();
+                return 1;
+        case SSL_AES256GCM:
+                *aead = EVP_aead_aes_256_gcm();
+                return 1;
+#endif
+        default:
+                break;
+        }
+        return 0;
+}
 int
 ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
 {

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index b3bcc66f66..41004ce50a 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c
@@ -758,6 +758,13 @@ ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
758	if (c == NULL)	758	if (c == NULL)
759	return (0);	759	return (0);
760		760
		761	/*
		762	* This function does not handle EVP_AEAD.
		763	* See ssl_cipher_get_aead_evp instead.
		764	*/
		765	if (c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)
		766	return(0);
		767
761	if ((enc == NULL) \|\| (md == NULL))	768	if ((enc == NULL) \|\| (md == NULL))
762	return (0);	769	return (0);
763		770
@@ -884,6 +891,37 @@ ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
884	return (0);	891	return (0);
885	}	892	}
886		893
		894	/*
		895	* ssl_cipher_get_evp_aead sets aead to point to the correct EVP_AEAD object
		896	* for s->cipher. It returns 1 on success and 0 on error.
		897	*/
		898	int
		899	ssl_cipher_get_evp_aead(const SSL_SESSION s, const EVP_AEAD *aead)
		900	{
		901	const SSL_CIPHER *c = s->cipher;
		902
		903	*aead = NULL;
		904
		905	if (c == NULL)
		906	return 0;
		907	if ((c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) == 0)
		908	return 0;
		909
		910	switch (c->algorithm_enc) {
		911	#ifndef OPENSSL_NO_AES
		912	case SSL_AES128GCM:
		913	*aead = EVP_aead_aes_128_gcm();
		914	return 1;
		915	case SSL_AES256GCM:
		916	*aead = EVP_aead_aes_256_gcm();
		917	return 1;
		918	#endif
		919	default:
		920	break;
		921	}
		922	return 0;
		923	}
		924
887	int	925	int
888	ssl_get_handshake_digest(int idx, long mask, const EVP_MD *md)	926	ssl_get_handshake_digest(int idx, long mask, const EVP_MD *md)
889	{	927	{