summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_ciph.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
-rw-r--r--src/lib/libssl/ssl_ciph.c20
1 files changed, 14 insertions, 6 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 59c3ad5a0b..e54fbacdd8 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_ciph.c,v 1.104 2018/09/08 14:29:52 jsing Exp $ */ 1/* $OpenBSD: ssl_ciph.c,v 1.105 2018/09/08 14:39:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -598,12 +598,20 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
598 *mac_secret_size = ssl_mac_secret_size[i]; 598 *mac_secret_size = ssl_mac_secret_size[i];
599 } 599 }
600 600
601 if (*enc != NULL && 601 if (*enc == NULL || *md == NULL ||
602 (*md != NULL || (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER)) && 602 (mac_pkey_type != NULL && *mac_pkey_type == NID_undef))
603 (!mac_pkey_type || *mac_pkey_type != NID_undef)) 603 return 0;
604 return 1;
605 604
606 return 0; 605 /*
606 * EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE ciphers are not
607 * supported via EVP_CIPHER (they should be using EVP_AEAD instead).
608 */
609 if (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER)
610 return 0;
611 if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE)
612 return 0;
613
614 return 1;
607} 615}
608 616
609/* 617/*