| author | jsing <> | 2014-05-30 14:01:11 +0000 |
|---|---|---|
| committer | jsing <> | 2014-05-30 14:01:11 +0000 |
| commit | d7bb67cc99974281f55641afa52a0f9e8f1ff938 (patch) | |
| tree | feaa5e2dc937f09df0609d84b0849a48c405df08 /src/lib/libssl/t1_enc.c | |
| parent | 7388822d9393b64a9eb25e34c9bac56fb7f39f15 (diff) | |
Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and
SSL_USE_TLS1_2_CIPHERS.
Largely based on OpenSSL head.
Diffstat (limited to 'src/lib/libssl/t1_enc.c')
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 13 |
1 files changed, 5 insertions, 8 deletions
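--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -639,14 +639,11 @@ tls1_enc(SSL *s, int send)
 if (s->enc_write_ctx == NULL)
 enc = NULL;
 else {
-int ivlen;
+int ivlen = 0;
 enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
-/* For TLSv1.1 and later explicit IV */
-if (s->version >= TLS1_1_VERSION &&
+if (SSL_USE_EXPLICIT_IV(s) &&
 EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
 ivlen = EVP_CIPHER_iv_length(enc);
-else
-ivlen = 0;
 if (ivlen > 1) {
 if (rec->data != rec->input)
 /* we can't write into the input stream:
@@ -686,7 +683,7 @@ tls1_enc(SSL *s, int send)
 
 seq = send ? s->s3->write_sequence : s->s3->read_sequence;
 
-if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+if (SSL_IS_DTLS(s)) {
 unsigned char dtlsseq[9], *p = dtlsseq;
 
 s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
@@ -876,7 +873,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
 mac_ctx = &hmac;
 }
 
-if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER) {
+if (SSL_IS_DTLS(ssl)) {
 unsigned char dtlsseq[8], *p = dtlsseq;
 
 s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
@@ -919,7 +916,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
 if (!stream_mac)
 EVP_MD_CTX_cleanup(&hmac);
 
-if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) {
+if (!SSL_IS_DTLS(ssl)) {
 for (i = 7; i >= 0; i--) {
 ++seq[i];
 if (seq[i] != 0)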
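Review bot: The explicit-IV test in the first tls1_enc hunk no longer reads the negotiated `s->version`, and the removed comment was the only statement of why `ivlen` is set, so the security intent (a fresh per-record IV for CBC from TLSv1.1 on) is now implicit in a macro defined outside this diff. I would keep a one-line comment above the new test, e.g. `/* Explicit per-record IV for CBC ciphers (TLSv1.1 and later). */`. The same concern applies to the three `SSL_IS_DTLS()` substitutions in tls1_enc and tls1_mac: the old code named `DTLS1_BAD_VER` explicitly, so it is worth confirming that the macro still covers that version and that both macros follow the negotiated version rather than only the initially selected method. A regression test that sends records over a DTLS connection and over a TLSv1.0 CBC connection would pin the sequence-number and IV handling on both sides of each branch. Both functions begin and end outside the hunks shown.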
