diff options
| author |   jsing <jsing@openbsd.org> | 2014-06-08 16:24:49 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2014-06-08 16:24:49 +0000 |
| commit | f00bd4e3be17c823d1e3689f2dfc2c308bb91271 (patch) | |
| tree | ae8a1023687ea3416d770f7352bf5f962d988216 /lib/libssl/ssl_ciph.c | |
| parent | Remove an incorrect bzero() that was zeroing the (diff) | |
| download | wireguard-openbsd-f00bd4e3be17c823d1e3689f2dfc2c308bb91271.tar.xz wireguard-openbsd-f00bd4e3be17c823d1e3689f2dfc2c308bb91271.zip | |
Add an SSL_CIPHER_ALGORITHM2_AEAD flag that is used to mark a cipher as
using EVP_AEAD. Also provide an EVP_AEAD-only equivalent of
ssl_cipher_get_evp().
Diffstat (limited to 'lib/libssl/ssl_ciph.c')
| -rw-r--r-- | lib/libssl/ssl_ciph.c | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index b3bcc66f668..41004ce50ae 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -758,6 +758,13 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, if (c == NULL) return (0); + /* + * This function does not handle EVP_AEAD. + * See ssl_cipher_get_aead_evp instead. + */ + if (c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) + return(0); + if ((enc == NULL) || (md == NULL)) return (0); @@ -884,6 +891,37 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, return (0); } +/* + * ssl_cipher_get_evp_aead sets aead to point to the correct EVP_AEAD object + * for s->cipher. It returns 1 on success and 0 on error. + */ +int +ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead) +{ + const SSL_CIPHER *c = s->cipher; + + *aead = NULL; + + if (c == NULL) + return 0; + if ((c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) == 0) + return 0; + + switch (c->algorithm_enc) { +#ifndef OPENSSL_NO_AES + case SSL_AES128GCM: + *aead = EVP_aead_aes_128_gcm(); + return 1; + case SSL_AES256GCM: + *aead = EVP_aead_aes_256_gcm(); + return 1; +#endif + default: + break; + } + return 0; +} + int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) { |