From 42c8f8f9b5b5ceb08f5182841324af709c1c559f Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Thu, 9 Jul 2020 12:27:01 +0200
Subject: [PATCH] Check for WOLFSSL_AEAD_ONLY in wolfSSL_dtls_import_internal

---
 src/internal.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index e9a888bb1..785d43e0e 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1539,25 +1539,26 @@ int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf, word32 sz)
     idx += ret;
 
     SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE);
-
-    /* set hmac function to use when verifying */
-    if (ssl->options.tls == 1 || ssl->options.tls1_1 == 1 ||
-            ssl->options.dtls == 1) {
-        ssl->hmac = TLS_hmac;
-    }
-
     /* make sure is a valid suite used */
     if (wolfSSL_get_cipher(ssl) == NULL) {
         WOLFSSL_MSG("Can not match cipher suite imported");
         return MATCH_SUITE_ERROR;
     }
 
+#ifndef WOLFSSL_AEAD_ONLY
+    /* set hmac function to use when verifying */
+    if (ssl->options.tls == 1 || ssl->options.tls1_1 == 1 ||
+            ssl->options.dtls == 1) {
+        ssl->hmac = TLS_hmac;
+    }
+
     /* do not allow stream ciphers with DTLS, except for NULL cipher */
     if (ssl->specs.cipher_type == stream &&
         ssl->specs.bulk_cipher_algorithm != wolfssl_cipher_null) {
         WOLFSSL_MSG("Can not import stream ciphers for DTLS");
         return SANITY_CIPHER_E;
     }
+#endif /* !WOLFSSL_AEAD_ONLY */
 
     return idx;
 }