diff options
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
-rw-r--r-- | src/lib/libssl/ssl_ciph.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 59c3ad5a0b..e54fbacdd8 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssl_ciph.c,v 1.104 2018/09/08 14:29:52 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_ciph.c,v 1.105 2018/09/08 14:39:41 jsing Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -598,12 +598,20 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
598 | *mac_secret_size = ssl_mac_secret_size[i]; | 598 | *mac_secret_size = ssl_mac_secret_size[i]; |
599 | } | 599 | } |
600 | 600 | ||
601 | if (*enc != NULL && | 601 | if (*enc == NULL || *md == NULL || |
602 | (*md != NULL || (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER)) && | 602 | (mac_pkey_type != NULL && *mac_pkey_type == NID_undef)) |
603 | (!mac_pkey_type || *mac_pkey_type != NID_undef)) | 603 | return 0; |
604 | return 1; | ||
605 | 604 | ||
606 | return 0; | 605 | /* |
606 | * EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE ciphers are not | ||
607 | * supported via EVP_CIPHER (they should be using EVP_AEAD instead). | ||
608 | */ | ||
609 | if (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER) | ||
610 | return 0; | ||
611 | if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE) | ||
612 | return 0; | ||
613 | |||
614 | return 1; | ||
607 | } | 615 | } |
608 | 616 | ||
609 | /* | 617 | /* |