diff options
| author |   jsing <jsing@openbsd.org> | 2018-09-08 14:39:41 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2018-09-08 14:39:41 +0000 |
| commit | ccfc0b04c0bee73b50fdfb0d219e172f018de475 (patch) | |
| tree | cb21fc0e3071629492577b0f618cd7ad8a07d609 /lib/libssl/ssl_ciph.c | |
| parent | SSL_MAX_DIGEST is no longer needed. (diff) | |
| download | wireguard-openbsd-ccfc0b04c0bee73b50fdfb0d219e172f018de475.tar.xz wireguard-openbsd-ccfc0b04c0bee73b50fdfb0d219e172f018de475.zip | |
Remove now unused code for EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE.
ok inoguchi@ tb@
Diffstat (limited to 'lib/libssl/ssl_ciph.c')
| -rw-r--r-- | lib/libssl/ssl_ciph.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index 59c3ad5a0b1..e54fbacdd87 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.104 2018/09/08 14:29:52 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.105 2018/09/08 14:39:41 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -598,12 +598,20 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, *mac_secret_size = ssl_mac_secret_size[i]; } - if (*enc != NULL && - (*md != NULL || (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER)) && - (!mac_pkey_type || *mac_pkey_type != NID_undef)) - return 1; + if (*enc == NULL || *md == NULL || + (mac_pkey_type != NULL && *mac_pkey_type == NID_undef)) + return 0; - return 0; + /* + * EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE ciphers are not + * supported via EVP_CIPHER (they should be using EVP_AEAD instead). + */ + if (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER) + return 0; + if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE) + return 0; + + return 1; } /* |