Remove indirection in loading ciphers.

Simplify all the cipher gathering logic. The set of supported ciphers is known, so there is no need to determine if some cipher exists but doesn't work. Change-Id: Idcaae67e7bfc40a3deb925d85ee1a99a931b67e7 Reviewed-on: https://boringssl-review.googlesource.com/1756 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2014-08-30 22:43:27 +0400
committer: Adam Langley <agl@google.com> 2014-09-16 01:06:10 +0400
commit: d633d6303c59d7e0ea5e4014cbf546631f38ec22 (patch)
tree: 267a40ad96ece1c8a18f52199b1ebadb6003591a /ssl/t1_enc.c
parent: 172fc2c42716c45ea02626ca8a31703e4dd89b33 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 2f925245..ca6bf6c0 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -596,7 +596,9 @@ int tls1_setup_key_block(SSL *s)
 			goto cipher_unavailable_err;
 		key_len = EVP_AEAD_key_length(aead);
 		iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->session->cipher);
-		if (!ssl_cipher_get_mac(s->session, &hash, &mac_type, &mac_secret_size))
+		if ((s->session->cipher->algorithm2 &
+				SSL_CIPHER_ALGORITHM2_STATEFUL_AEAD) &&
+			!ssl_cipher_get_mac(s->session, &hash, &mac_type, &mac_secret_size))
 			goto cipher_unavailable_err;
 		/* For "stateful" AEADs (i.e. compatibility with pre-AEAD
 		 * cipher suites) the key length reported by
author	David Benjamin <davidben@chromium.org>	2014-08-30 22:43:27 +0400
committer	Adam Langley <agl@google.com>	2014-09-16 01:06:10 +0400
commit	d633d6303c59d7e0ea5e4014cbf546631f38ec22 (patch)
tree	267a40ad96ece1c8a18f52199b1ebadb6003591a /ssl/t1_enc.c
parent	172fc2c42716c45ea02626ca8a31703e4dd89b33 (diff)