1 files changed, 35 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 464a4a88fe..11250ba468 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -408,8 +408,20 @@
                                (c)->algo_strength)
 #define SSL_C_EXPORT_PKEYLENGTH(c)      SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
+/* Check if an SSL structure is using DTLS. */
+#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
+/* See if we need explicit IV. */
+#define SSL_USE_EXPLICIT_IV(s) \
+        (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
+/* See if we use signature algorithms extension. */
+#define SSL_USE_SIGALGS(s) \
+        (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
+/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
+#define SSL_USE_TLS1_2_CIPHERS(s) \
+        (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
 /* Mostly for SSLv3 */
 #define SSL_PKEY_RSA_ENC        0
@@ -535,8 +547,29 @@ typedef struct ssl3_enc_method {
        int (*export_keying_material)(SSL *, unsigned char *, size_t,
            const char *, size_t, const unsigned char *, size_t,
            int use_context);
+        /* Flags indicating protocol version requirements. */
+        unsigned int enc_flags;
 } SSL3_ENC_METHOD;
+/*
+ * Flag values for enc_flags.
+ */
+/* Uses explicit IV. */
+#define SSL_ENC_FLAG_EXPLICIT_IV        (1 << 0)
+/* Uses signature algorithms extension. */
+#define SSL_ENC_FLAG_SIGALGS            (1 << 1)
+/* Uses SHA256 default PRF. */
+#define SSL_ENC_FLAG_SHA256_PRF         (1 << 2)
+/* Is DTLS. */
+#define SSL_ENC_FLAG_DTLS               (1 << 3)
+/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
+#define SSL_ENC_FLAG_TLS1_2_CIPHERS     (1 << 4)
 #ifndef OPENSSL_NO_COMP
 /* Used for holding the relevant compression methods loaded into SSL_CTX */
 typedef struct ssl3_comp_st {
@@ -552,11 +585,11 @@ extern SSL_CIPHER ssl3_ciphers[];
 SSL_METHOD *ssl_bad_method(int ver);
 extern SSL3_ENC_METHOD TLSv1_enc_data;
+extern SSL3_ENC_METHOD TLSv1_1_enc_data;
+extern SSL3_ENC_METHOD TLSv1_2_enc_data;
 extern SSL3_ENC_METHOD SSLv3_enc_data;
 extern SSL3_ENC_METHOD DTLSv1_enc_data;
-#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
 void ssl_clear_cipher_ctx(SSL *s);
 int ssl_clear_bad_session(SSL *s);
 CERT *ssl_cert_new(void);

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 464a4a88fe..11250ba468 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -408,8 +408,20 @@
408	(c)->algo_strength)	408	(c)->algo_strength)
409	#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)	409	#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
410		410
		411	/* Check if an SSL structure is using DTLS. */
		412	#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
411		413
		414	/* See if we need explicit IV. */
		415	#define SSL_USE_EXPLICIT_IV(s) \
		416	(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
412		417
		418	/* See if we use signature algorithms extension. */
		419	#define SSL_USE_SIGALGS(s) \
		420	(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
		421
		422	/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
		423	#define SSL_USE_TLS1_2_CIPHERS(s) \
		424	(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
413		425
414	/* Mostly for SSLv3 */	426	/* Mostly for SSLv3 */
415	#define SSL_PKEY_RSA_ENC 0	427	#define SSL_PKEY_RSA_ENC 0
@@ -535,8 +547,29 @@ typedef struct ssl3_enc_method {
535	int (export_keying_material)(SSL , unsigned char *, size_t,	547	int (export_keying_material)(SSL , unsigned char *, size_t,
536	const char , size_t, const unsigned char , size_t,	548	const char , size_t, const unsigned char , size_t,
537	int use_context);	549	int use_context);
		550	/* Flags indicating protocol version requirements. */
		551	unsigned int enc_flags;
538	} SSL3_ENC_METHOD;	552	} SSL3_ENC_METHOD;
539		553
		554	/*
		555	* Flag values for enc_flags.
		556	*/
		557
		558	/* Uses explicit IV. */
		559	#define SSL_ENC_FLAG_EXPLICIT_IV (1 << 0)
		560
		561	/* Uses signature algorithms extension. */
		562	#define SSL_ENC_FLAG_SIGALGS (1 << 1)
		563
		564	/* Uses SHA256 default PRF. */
		565	#define SSL_ENC_FLAG_SHA256_PRF (1 << 2)
		566
		567	/* Is DTLS. */
		568	#define SSL_ENC_FLAG_DTLS (1 << 3)
		569
		570	/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
		571	#define SSL_ENC_FLAG_TLS1_2_CIPHERS (1 << 4)
		572
540	#ifndef OPENSSL_NO_COMP	573	#ifndef OPENSSL_NO_COMP
541	/* Used for holding the relevant compression methods loaded into SSL_CTX */	574	/* Used for holding the relevant compression methods loaded into SSL_CTX */
542	typedef struct ssl3_comp_st {	575	typedef struct ssl3_comp_st {
@@ -552,11 +585,11 @@ extern SSL_CIPHER ssl3_ciphers[];
552	SSL_METHOD *ssl_bad_method(int ver);	585	SSL_METHOD *ssl_bad_method(int ver);
553		586
554	extern SSL3_ENC_METHOD TLSv1_enc_data;	587	extern SSL3_ENC_METHOD TLSv1_enc_data;
		588	extern SSL3_ENC_METHOD TLSv1_1_enc_data;
		589	extern SSL3_ENC_METHOD TLSv1_2_enc_data;
555	extern SSL3_ENC_METHOD SSLv3_enc_data;	590	extern SSL3_ENC_METHOD SSLv3_enc_data;
556	extern SSL3_ENC_METHOD DTLSv1_enc_data;	591	extern SSL3_ENC_METHOD DTLSv1_enc_data;
557		592
558	#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
559
560	void ssl_clear_cipher_ctx(SSL *s);	593	void ssl_clear_cipher_ctx(SSL *s);
561	int ssl_clear_bad_session(SSL *s);	594	int ssl_clear_bad_session(SSL *s);
562	CERT *ssl_cert_new(void);	595	CERT *ssl_cert_new(void);