author | Dr. Stephen Henson <steve@openssl.org> | 2013-03-13 15:33:24 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-03-18 15:03:58 +0000 |
commit | cbd64894ec687c6f37d8e43c16dff78e63f6be87 (patch) | |
tree | be8c67256a02cbe24fc2d44c9488bb547e71046f /ssl/s3_pkt.c | |
parent | 6de2649a6b349bde9c9fb62c3a3d5d6344d8259c (diff) | |
Use enc_flags when deciding protocol variations.
Use the enc_flags field to determine whether we should use explicit IV,
signature algorithms or SHA256 default PRF instead of hard coding which
versions support each requirement.
Diffstat (limited to 'ssl/s3_pkt.c')
-rw-r--r-- | ssl/s3_pkt.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index ffd9c19fab..80562914f0 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -180,7 +180,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 /* For DTLS/UDP reads should not span multiple packets
 * because the read operation returns the whole packet
 * at once (as long as it fits into the buffer). */
- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+ if (SSL_IS_DTLS(s))
 {
 if (left > 0 && n > left)
 n = left;
@@ -248,7 +248,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 {
 rb->left = left;
 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
- SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
+ !SSL_IS_DTLS(s))
 if (len+left == 0)
 ssl3_release_read_buffer(s);
 return(i);
@@ -257,7 +257,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 /* reads should *never* span multiple packets for DTLS because
 * the underlying transport protocol is message oriented as opposed
 * to byte oriented as in the TLS case. */
- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+ if (SSL_IS_DTLS(s))
 {
 if (n > left)
 n = left; /* makes the while condition false */
@@ -757,8 +757,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 /* field where we are to write out packet length */
 plen=p;
 p+=2;
- /* Explicit IV length, block ciphers and TLS version 1.1 or later */
- if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
+ /* Explicit IV length, block ciphers appropriate version flag */
+ if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s))
 {
 int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
 if (mode == EVP_CIPH_CBC_MODE)
@@ -895,7 +895,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
 wb->left=0;
 wb->offset+=i;
 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
- SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
+ !SSL_IS_DTLS(s))
 ssl3_release_write_buffer(s);
 s->rwstate=SSL_NOTHING;
 return(s->s3->wpend_ret); |
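Review bot: The `if (SSL_IS_DTLS(s))` guard in the -180 hunk of ssl3_read_n (and the identical replacement in the -257 hunk) no longer names DTLS1_BAD_VER, and the macro's definition is not part of this file's diff, so nothing visible here shows that connections using that version still take the DTLS branch. If the flag were missing for one DTLS variant, `n` would stop being clamped to `left` and a read could span datagrams, which the surrounding comments say must never happen. I would add a comment at the first guard such as `/* SSL_IS_DTLS() must hold for every DTLS method, including DTLS1_BAD_VER */` and check it against the header change in this commit. The body of ssl3_read_n starts and ends outside both hunks.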
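Review bot: In the -248 hunk the condition `s->mode & SSL_MODE_RELEASE_BUFFERS &&` / `!SSL_IS_DTLS(s))` is still split over two lines and guards an unbraced nested `if (len+left == 0)`, which is easy to misread. The same two-line shape is kept in the -895 hunk of ssl3_write_pending. Now that the second operand is short, both fit on one line with the mask test parenthesised: `if ((s->mode & SSL_MODE_RELEASE_BUFFERS) && !SSL_IS_DTLS(s))`. Behaviour is unchanged because `&` already binds tighter than `&&`. Neither hunk says why buffers are not released for DTLS, so a one-line comment giving that reason would help; both functions continue outside the hunks.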
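Review bot: The rewritten comment in the -757 hunk, `/* Explicit IV length, block ciphers appropriate version flag */`, is missing a word and drops the information that the explicit per-record IV belongs to TLS 1.1 and later. I would write `/* Explicit IV length: block ciphers, when the protocol's enc_flags request an explicit IV (TLS 1.1 and later) */`. Separately, the old test followed the negotiated `s->version`, while `SSL_USE_EXPLICIT_IV(s)` is defined outside this diff. If it reads its flag from the method table rather than the negotiated version, it is worth confirming the two cannot disagree when do_ssl3_write runs, since a CBC record written without the explicit IV would silently fall back to the chained-IV construction. The function body continues outside the hunk.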