Make it substantially easier to identify protocol version requirements

by adding an enc_flags field to the ssl3_enc_method, specifying four flags that are used with this field and providing macros for evaluating these conditions. Currently the version requirements are identified by continually checking the version number and other criteria. This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2, since they have different enc_flags from TLS v1. Based on changes in OpenSSL head. No objection from miod@
author: jsing <> 2014-05-29 16:00:16 +0000
committer: jsing <> 2014-05-29 16:00:16 +0000
commit: 523d54282c543c650be946602c618cf48ec008de (patch)
tree: e07ac6c4959ebe2e5276d36c944d7ec20c8f2f6d /src/lib/libssl/t1_lib.c
parent: 58eb928f74719c054467fb1c9ed254eab20bf136 (diff)
download: openbsd-523d54282c543c650be946602c618cf48ec008de.tar.gz
openbsd-523d54282c543c650be946602c618cf48ec008de.tar.bz2
openbsd-523d54282c543c650be946602c618cf48ec008de.zip
1 files changed, 38 insertions, 0 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 205c2558fb..1424eab6e6 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -140,6 +140,44 @@ SSL3_ENC_METHOD TLSv1_enc_data = {
        .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
        .alert_value = tls1_alert_code,
        .export_keying_material = tls1_export_keying_material,
+        .enc_flags = 0,
+};
+SSL3_ENC_METHOD TLSv1_1_enc_data = {
+        .enc = tls1_enc,
+        .mac = tls1_mac,
+        .setup_key_block = tls1_setup_key_block,
+        .generate_master_secret = tls1_generate_master_secret,
+        .change_cipher_state = tls1_change_cipher_state,
+        .final_finish_mac = tls1_final_finish_mac,
+        .finish_mac_length = TLS1_FINISH_MAC_LENGTH,
+        .cert_verify_mac = tls1_cert_verify_mac,
+        .client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
+        .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
+        .server_finished_label = TLS_MD_SERVER_FINISH_CONST,
+        .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
+        .alert_value = tls1_alert_code,
+        .export_keying_material = tls1_export_keying_material,
+        .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV,
+};
+SSL3_ENC_METHOD TLSv1_2_enc_data = {
+        .enc = tls1_enc,
+        .mac = tls1_mac,
+        .setup_key_block = tls1_setup_key_block,
+        .generate_master_secret = tls1_generate_master_secret,
+        .change_cipher_state = tls1_change_cipher_state,
+        .final_finish_mac = tls1_final_finish_mac,
+        .finish_mac_length = TLS1_FINISH_MAC_LENGTH,
+        .cert_verify_mac = tls1_cert_verify_mac,
+        .client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
+        .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
+        .server_finished_label = TLS_MD_SERVER_FINISH_CONST,
+        .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
+        .alert_value = tls1_alert_code,
+        .export_keying_material = tls1_export_keying_material,
+        .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|
+            SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS,
 };
 long
author	jsing <>	2014-05-29 16:00:16 +0000
committer	jsing <>	2014-05-29 16:00:16 +0000
commit	523d54282c543c650be946602c618cf48ec008de (patch)
tree	e07ac6c4959ebe2e5276d36c944d7ec20c8f2f6d /src/lib/libssl/t1_lib.c
parent	58eb928f74719c054467fb1c9ed254eab20bf136 (diff)
download	openbsd-523d54282c543c650be946602c618cf48ec008de.tar.gz openbsd-523d54282c543c650be946602c618cf48ec008de.tar.bz2 openbsd-523d54282c543c650be946602c618cf48ec008de.zip

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 205c2558fb..1424eab6e6 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -140,6 +140,44 @@ SSL3_ENC_METHOD TLSv1_enc_data = {
140	.server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,	140	.server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
141	.alert_value = tls1_alert_code,	141	.alert_value = tls1_alert_code,
142	.export_keying_material = tls1_export_keying_material,	142	.export_keying_material = tls1_export_keying_material,
		143	.enc_flags = 0,
		144	};
		145
		146	SSL3_ENC_METHOD TLSv1_1_enc_data = {
		147	.enc = tls1_enc,
		148	.mac = tls1_mac,
		149	.setup_key_block = tls1_setup_key_block,
		150	.generate_master_secret = tls1_generate_master_secret,
		151	.change_cipher_state = tls1_change_cipher_state,
		152	.final_finish_mac = tls1_final_finish_mac,
		153	.finish_mac_length = TLS1_FINISH_MAC_LENGTH,
		154	.cert_verify_mac = tls1_cert_verify_mac,
		155	.client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
		156	.client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
		157	.server_finished_label = TLS_MD_SERVER_FINISH_CONST,
		158	.server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
		159	.alert_value = tls1_alert_code,
		160	.export_keying_material = tls1_export_keying_material,
		161	.enc_flags = SSL_ENC_FLAG_EXPLICIT_IV,
		162	};
		163
		164	SSL3_ENC_METHOD TLSv1_2_enc_data = {
		165	.enc = tls1_enc,
		166	.mac = tls1_mac,
		167	.setup_key_block = tls1_setup_key_block,
		168	.generate_master_secret = tls1_generate_master_secret,
		169	.change_cipher_state = tls1_change_cipher_state,
		170	.final_finish_mac = tls1_final_finish_mac,
		171	.finish_mac_length = TLS1_FINISH_MAC_LENGTH,
		172	.cert_verify_mac = tls1_cert_verify_mac,
		173	.client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
		174	.client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
		175	.server_finished_label = TLS_MD_SERVER_FINISH_CONST,
		176	.server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
		177	.alert_value = tls1_alert_code,
		178	.export_keying_material = tls1_export_keying_material,
		179	.enc_flags = SSL_ENC_FLAG_EXPLICIT_IV\|SSL_ENC_FLAG_SIGALGS\|
		180	SSL_ENC_FLAG_SHA256_PRF\|SSL_ENC_FLAG_TLS1_2_CIPHERS,
143	};	181	};
144		182
145	long	183	long