Check EVP errors for handshake digests.

[openssl.git] / ssl / ssl_ciph.c

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index afdc8ff5df57803e410909ae420cce35066bb2e6..a5c417a9ed55ac713ffec5144e7f23087095d6e8 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -485,7 +485,7 @@ static void load_builtin_compressions(void)
 #endif
 
 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-            const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
+            const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp, int use_etm)
        {
        int i;
        const SSL_CIPHER *c;
@@ -617,6 +617,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                {
                const EVP_CIPHER *evp;
 
+               if (use_etm)
+                       return 1;
+
                if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
                    s->ssl_version < TLS1_VERSION)
                        return 1;
@@ -1358,7 +1361,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 
        return(retval);
        }
-
+#ifndef OPENSSL_NO_EC
 static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
                                        const char **prule_str)
        {
@@ -1417,6 +1420,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
        c->ecdh_tmp_auto = 1;
        return 1;
        }
+#endif
 
 
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1436,10 +1440,10 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         */
        if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
                return NULL;
-
+#ifndef OPENSSL_NO_EC
        if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
                return NULL;
-
+#endif
 
        /*
         * To reduce the work to do we only want to process the compiled