diff options
| author | jsing <> | 2014-05-30 14:01:11 +0000 |
|---|---|---|
| committer | jsing <> | 2014-05-30 14:01:11 +0000 |
| commit | d7bb67cc99974281f55641afa52a0f9e8f1ff938 (patch) | |
| tree | feaa5e2dc937f09df0609d84b0849a48c405df08 /src/lib/libssl/s3_pkt.c | |
| parent | 7388822d9393b64a9eb25e34c9bac56fb7f39f15 (diff) | |
| download | openbsd-d7bb67cc99974281f55641afa52a0f9e8f1ff938.tar.gz openbsd-d7bb67cc99974281f55641afa52a0f9e8f1ff938.tar.bz2 openbsd-d7bb67cc99974281f55641afa52a0f9e8f1ff938.zip | |
Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and
SSL_USE_TLS1_2_CIPHERS.
Largely based on OpenSSL head.
Diffstat (limited to 'src/lib/libssl/s3_pkt.c')
| -rw-r--r-- | src/lib/libssl/s3_pkt.c | 28 |
1 files changed, 13 insertions, 15 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 3a167f058c..b8be8b5255 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -178,7 +178,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) | |||
| 178 | /* For DTLS/UDP reads should not span multiple packets | 178 | /* For DTLS/UDP reads should not span multiple packets |
| 179 | * because the read operation returns the whole packet | 179 | * because the read operation returns the whole packet |
| 180 | * at once (as long as it fits into the buffer). */ | 180 | * at once (as long as it fits into the buffer). */ |
| 181 | if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { | 181 | if (SSL_IS_DTLS(s)) { |
| 182 | if (left > 0 && n > left) | 182 | if (left > 0 && n > left) |
| 183 | n = left; | 183 | n = left; |
| 184 | } | 184 | } |
| @@ -238,18 +238,17 @@ ssl3_read_n(SSL *s, int n, int max, int extend) | |||
| 238 | if (i <= 0) { | 238 | if (i <= 0) { |
| 239 | rb->left = left; | 239 | rb->left = left; |
| 240 | if (s->mode & SSL_MODE_RELEASE_BUFFERS && | 240 | if (s->mode & SSL_MODE_RELEASE_BUFFERS && |
| 241 | SSL_version(s) != DTLS1_VERSION && | 241 | !SSL_IS_DTLS(s)) { |
| 242 | SSL_version(s) != DTLS1_BAD_VER) | ||
| 243 | if (len + left == 0) | 242 | if (len + left == 0) |
| 244 | ssl3_release_read_buffer(s); | 243 | ssl3_release_read_buffer(s); |
| 244 | } | ||
| 245 | return (i); | 245 | return (i); |
| 246 | } | 246 | } |
| 247 | left += i; | 247 | left += i; |
| 248 | /* reads should *never* span multiple packets for DTLS because | 248 | /* reads should *never* span multiple packets for DTLS because |
| 249 | * the underlying transport protocol is message oriented as opposed | 249 | * the underlying transport protocol is message oriented as opposed |
| 250 | * to byte oriented as in the TLS case. */ | 250 | * to byte oriented as in the TLS case. */ |
| 251 | if (SSL_version(s) == DTLS1_VERSION || | 251 | if (SSL_IS_DTLS(s)) { |
| 252 | SSL_version(s) == DTLS1_BAD_VER) { | ||
| 253 | if (n > left) | 252 | if (n > left) |
| 254 | n = left; /* makes the while condition false */ | 253 | n = left; /* makes the while condition false */ |
| 255 | } | 254 | } |
| @@ -722,10 +721,10 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 722 | 721 | ||
| 723 | /* field where we are to write out packet length */ | 722 | /* field where we are to write out packet length */ |
| 724 | plen = p; | 723 | plen = p; |
| 725 | |||
| 726 | p += 2; | 724 | p += 2; |
| 727 | /* Explicit IV length, block ciphers and TLS version 1.1 or later */ | 725 | |
| 728 | if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) { | 726 | /* Explicit IV length. */ |
| 727 | if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) { | ||
| 729 | int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); | 728 | int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); |
| 730 | if (mode == EVP_CIPH_CBC_MODE) { | 729 | if (mode == EVP_CIPH_CBC_MODE) { |
| 731 | eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); | 730 | eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); |
| @@ -844,18 +843,17 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | |||
| 844 | wb->left = 0; | 843 | wb->left = 0; |
| 845 | wb->offset += i; | 844 | wb->offset += i; |
| 846 | if (s->mode & SSL_MODE_RELEASE_BUFFERS && | 845 | if (s->mode & SSL_MODE_RELEASE_BUFFERS && |
| 847 | SSL_version(s) != DTLS1_VERSION && | 846 | !SSL_IS_DTLS(s)) |
| 848 | SSL_version(s) != DTLS1_BAD_VER) | ||
| 849 | ssl3_release_write_buffer(s); | 847 | ssl3_release_write_buffer(s); |
| 850 | s->rwstate = SSL_NOTHING; | 848 | s->rwstate = SSL_NOTHING; |
| 851 | return (s->s3->wpend_ret); | 849 | return (s->s3->wpend_ret); |
| 852 | } else if (i <= 0) { | 850 | } else if (i <= 0) { |
| 853 | if (s->version == DTLS1_VERSION || | 851 | /* |
| 854 | s->version == DTLS1_BAD_VER) { | 852 | * For DTLS, just drop it. That's kind of the |
| 855 | /* For DTLS, just drop it. That's kind of the whole | 853 | * whole point in using a datagram service. |
| 856 | point in using a datagram service */ | 854 | */ |
| 855 | if (SSL_IS_DTLS(s)) | ||
| 857 | wb->left = 0; | 856 | wb->left = 0; |
| 858 | } | ||
| 859 | return (i); | 857 | return (i); |
| 860 | } | 858 | } |
| 861 | wb->offset += i; | 859 | wb->offset += i; |