mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-23 14:42:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

ssl/ssl_ciph.c: allow to switch to predefined "composite" cipher/mac

Browse Source 
combos that can be implemented as AEAD ciphers.
This commit is contained in:
Andy Polyakov 2011-07-11 14:00:43 +00:00
parent 7532071aa3
commit 146e1fc7b3
1 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
ssl/ssl_ciph.c
View File

@ -583,8 +583,29 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
}
if ((*enc != NULL) && (*md != NULL) && (!mac_pkey_type||*mac_pkey_type != NID_undef))
if ((*enc != NULL) &&
(*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
(!mac_pkey_type||*mac_pkey_type != NID_undef))
{
const EVP_CIPHER *evp;
if (s->ssl_version >= TLS1_VERSION &&
c->algorithm_enc == SSL_RC4 &&
c->algorithm_mac == SSL_MD5 &&
(evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
*enc = evp, *md = NULL;
else if (s->ssl_version >= TLS1_VERSION &&
c->algorithm_enc == SSL_AES128 &&
c->algorithm_mac == SSL_SHA1 &&
(evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
*enc = evp, *md = NULL;
else if (s->ssl_version >= TLS1_VERSION &&
c->algorithm_enc == SSL_AES256 &&
c->algorithm_mac == SSL_SHA1 &&
(evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
*enc = evp, *md = NULL;
return(1);
}
else
return(0);
}