From 523d54282c543c650be946602c618cf48ec008de Mon Sep 17 00:00:00 2001 From: jsing <> Date: Thu, 29 May 2014 16:00:16 +0000 Subject: Make it substantially easier to identify protocol version requirements by adding an enc_flags field to the ssl3_enc_method, specifying four flags that are used with this field and providing macros for evaluating these conditions. Currently the version requirements are identified by continually checking the version number and other criteria. This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2, since they have different enc_flags from TLS v1. Based on changes in OpenSSL head. No objection from miod@ --- src/lib/libssl/d1_lib.c | 1 + src/lib/libssl/s3_lib.c | 2 +- src/lib/libssl/src/ssl/d1_lib.c | 1 + src/lib/libssl/src/ssl/s3_lib.c | 2 +- src/lib/libssl/src/ssl/ssl_lib.c | 1 + src/lib/libssl/src/ssl/ssl_locl.h | 37 +++++++++++++++++++++++++++++++++++-- src/lib/libssl/src/ssl/t1_clnt.c | 4 ++-- src/lib/libssl/src/ssl/t1_lib.c | 38 ++++++++++++++++++++++++++++++++++++++ src/lib/libssl/src/ssl/t1_meth.c | 4 ++-- src/lib/libssl/src/ssl/t1_srvr.c | 4 ++-- src/lib/libssl/ssl_lib.c | 1 + src/lib/libssl/ssl_locl.h | 37 +++++++++++++++++++++++++++++++++++-- src/lib/libssl/t1_clnt.c | 4 ++-- src/lib/libssl/t1_lib.c | 38 ++++++++++++++++++++++++++++++++++++++ src/lib/libssl/t1_meth.c | 4 ++-- src/lib/libssl/t1_srvr.c | 4 ++-- 16 files changed, 164 insertions(+), 18 deletions(-) diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c index 87bc9b68c6..4ee3e36168 100644 --- a/src/lib/libssl/d1_lib.c +++ b/src/lib/libssl/d1_lib.c @@ -86,6 +86,7 @@ SSL3_ENC_METHOD DTLSv1_enc_data = { .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, .alert_value = tls1_alert_code, .export_keying_material = tls1_export_keying_material, + .enc_flags = SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV, }; long diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 2f4ab38863..e3770bd0ae 100644 --- a/src/lib/libssl/s3_lib.c 
+++ b/src/lib/libssl/s3_lib.c @@ -2270,6 +2270,7 @@ SSL3_ENC_METHOD SSLv3_enc_data = { .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, const char *, size_t, const unsigned char *, size_t, int use_context))ssl_undefined_function, + .enc_flags = 0, }; long @@ -3062,7 +3063,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, emask_k = cert->export_mask_k; emask_a = cert->export_mask_a; - alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; diff --git a/src/lib/libssl/src/ssl/d1_lib.c b/src/lib/libssl/src/ssl/d1_lib.c index 87bc9b68c6..4ee3e36168 100644 --- a/src/lib/libssl/src/ssl/d1_lib.c +++ b/src/lib/libssl/src/ssl/d1_lib.c @@ -86,6 +86,7 @@ SSL3_ENC_METHOD DTLSv1_enc_data = { .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, .alert_value = tls1_alert_code, .export_keying_material = tls1_export_keying_material, + .enc_flags = SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV, }; long diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index 2f4ab38863..e3770bd0ae 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c @@ -2270,6 +2270,7 @@ SSL3_ENC_METHOD SSLv3_enc_data = { .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, const char *, size_t, const unsigned char *, size_t, int use_context))ssl_undefined_function, + .enc_flags = 0, }; long @@ -3062,7 +3063,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, emask_k = cert->export_mask_k; emask_a = cert->export_mask_a; - alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index f1c92ee2f6..6cc02c8d7a 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c 
@@ -182,6 +182,7 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, const char *, size_t, const unsigned char *, size_t, int use_context))ssl_undefined_function, + .enc_flags = 0, }; int diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 464a4a88fe..11250ba468 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h @@ -408,8 +408,20 @@ (c)->algo_strength) #define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) +/* Check if an SSL structure is using DTLS. */ +#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) +/* See if we need explicit IV. */ +#define SSL_USE_EXPLICIT_IV(s) \ + (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) +/* See if we use signature algorithms extension. */ +#define SSL_USE_SIGALGS(s) \ + (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) + +/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ +#define SSL_USE_TLS1_2_CIPHERS(s) \ + (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) /* Mostly for SSLv3 */ #define SSL_PKEY_RSA_ENC 0 
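Review bot: The accessor macros added in the ssl_locl.h hunk at -408 expand their argument unparenthesized, e.g. `(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)`, so they are only correct when `s` is a plain identifier; `((s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)` is the safe form, and the same applies to SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and SSL_USE_TLS1_2_CIPHERS. Each macro also reads the table of whichever method is installed on the SSL at that moment, and this commit gives ssl3_undef_enc_method `.enc_flags = 0`, so a check evaluated while that table is still in place would report no explicit IV, no sigalgs and no TLS 1.2 ciphers; whether any caller can run that early is not visible in this diff. A comment such as `/* Only meaningful once s->method is the negotiated version's method. */` above the group would record that assumption. The identical hunk for src/lib/libssl/ssl_locl.h has the same issues.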
@@ -535,8 +547,29 @@ typedef struct ssl3_enc_method { int (*export_keying_material)(SSL *, unsigned char *, size_t, const char *, size_t, const unsigned char *, size_t, int use_context); + /* Flags indicating protocol version requirements. */ + unsigned int enc_flags; } SSL3_ENC_METHOD; +/* + * Flag values for enc_flags. + */ + +/* Uses explicit IV. */ +#define SSL_ENC_FLAG_EXPLICIT_IV (1 << 0) + +/* Uses signature algorithms extension. */ +#define SSL_ENC_FLAG_SIGALGS (1 << 1) + +/* Uses SHA256 default PRF. */ +#define SSL_ENC_FLAG_SHA256_PRF (1 << 2) + +/* Is DTLS. */ +#define SSL_ENC_FLAG_DTLS (1 << 3) + +/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ +#define SSL_ENC_FLAG_TLS1_2_CIPHERS (1 << 4) + #ifndef OPENSSL_NO_COMP /* Used for holding the relevant compression methods loaded into SSL_CTX */ typedef struct ssl3_comp_st { @@ -552,11 +585,11 @@ extern SSL_CIPHER ssl3_ciphers[]; SSL_METHOD *ssl_bad_method(int ver); extern SSL3_ENC_METHOD TLSv1_enc_data; +extern SSL3_ENC_METHOD TLSv1_1_enc_data; +extern SSL3_ENC_METHOD TLSv1_2_enc_data; extern SSL3_ENC_METHOD SSLv3_enc_data; extern SSL3_ENC_METHOD DTLSv1_enc_data; -#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION) - void ssl_clear_cipher_ctx(SSL *s); int ssl_clear_bad_session(SSL *s); CERT *ssl_cert_new(void); diff --git a/src/lib/libssl/src/ssl/t1_clnt.c b/src/lib/libssl/src/ssl/t1_clnt.c index 2223422d93..39b1d2a324 100644 --- a/src/lib/libssl/src/ssl/t1_clnt.c +++ b/src/lib/libssl/src/ssl/t1_clnt.c @@ -123,7 +123,7 @@ const SSL_METHOD TLSv1_1_client_method_data = { .get_cipher = ssl3_get_cipher, .get_ssl_method = tls1_get_client_method, .get_timeout = tls1_default_timeout, - .ssl3_enc = &TLSv1_enc_data, + .ssl3_enc = &TLSv1_1_enc_data, .ssl_version = ssl_undefined_void_function, .ssl_callback_ctrl = ssl3_callback_ctrl, .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, 
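Review bot: In the ssl_locl.h hunk at -535, `enc_flags` is declared `unsigned int` but the flag constants are signed int expressions (`(1 << 0)` through `(1 << 4)`); writing them as `(1U << 0)` and so on keeps every bit test unsigned and stays well-defined if the set ever grows to bit 31. SSL_ENC_FLAG_SHA256_PRF is defined here and set on TLSv1_2_enc_data, yet it is the only flag without an accessor macro next to SSL_USE_SIGALGS and the others, so PRF selection presumably still depends on version checks elsewhere. Either add the matching accessor or extend the comment, e.g. `/* Uses SHA256 default PRF (not yet consulted; PRF choice is still version-based). */`, so the flag is not mistaken for the authoritative switch. The same hunk is repeated for src/lib/libssl/ssl_locl.h.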
@@ -155,7 +155,7 @@ const SSL_METHOD TLSv1_2_client_method_data = { .get_cipher = ssl3_get_cipher, .get_ssl_method = tls1_get_client_method, .get_timeout = tls1_default_timeout, - .ssl3_enc = &TLSv1_enc_data, + .ssl3_enc = &TLSv1_2_enc_data, .ssl_version = ssl_undefined_void_function, .ssl_callback_ctrl = ssl3_callback_ctrl, .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 205c2558fb..1424eab6e6 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c 
@@ -140,6 +140,44 @@ SSL3_ENC_METHOD TLSv1_enc_data = { .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, .alert_value = tls1_alert_code, .export_keying_material = tls1_export_keying_material, + .enc_flags = 0, +}; + +SSL3_ENC_METHOD TLSv1_1_enc_data = { + .enc = tls1_enc, + .mac = tls1_mac, + .setup_key_block = tls1_setup_key_block, + .generate_master_secret = tls1_generate_master_secret, + .change_cipher_state = tls1_change_cipher_state, + .final_finish_mac = tls1_final_finish_mac, + .finish_mac_length = TLS1_FINISH_MAC_LENGTH, + .cert_verify_mac = tls1_cert_verify_mac, + .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, + .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, + .server_finished_label = TLS_MD_SERVER_FINISH_CONST, + .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, + .alert_value = tls1_alert_code, + .export_keying_material = tls1_export_keying_material, + .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV, +}; + +SSL3_ENC_METHOD TLSv1_2_enc_data = { + .enc = tls1_enc, + .mac = tls1_mac, + .setup_key_block = tls1_setup_key_block, + .generate_master_secret = tls1_generate_master_secret, + .change_cipher_state = tls1_change_cipher_state, + .final_finish_mac = tls1_final_finish_mac, + .finish_mac_length = TLS1_FINISH_MAC_LENGTH, + .cert_verify_mac = tls1_cert_verify_mac, + .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, + .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, + .server_finished_label = TLS_MD_SERVER_FINISH_CONST, + .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, + .alert_value = tls1_alert_code, + .export_keying_material = tls1_export_keying_material, + .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS| + SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS, }; long diff --git a/src/lib/libssl/src/ssl/t1_meth.c b/src/lib/libssl/src/ssl/t1_meth.c index b39303b369..6bdffd2332 100644 --- a/src/lib/libssl/src/ssl/t1_meth.c +++ b/src/lib/libssl/src/ssl/t1_meth.c 
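Review bot: TLSv1_1_enc_data and TLSv1_2_enc_data are new writable globals, each holding the record-layer and key-derivation function pointers plus the flags that are meant to govern explicit-IV, sigalgs and PRF handling, and nothing in this diff requires them to be mutable. If the `ssl3_enc` member of SSL_METHOD can be made pointer-to-const (its declaration is outside this diff), `const SSL3_ENC_METHOD TLSv1_1_enc_data = {` with matching `extern const` declarations would place the tables in read-only data. The two tables repeat every entry of TLSv1_enc_data, whose initializer starts above the hunk, and differ only in `.enc_flags`, so a later change to one callback has to be made in three places; a comment like `/* Identical to TLSv1_enc_data except for enc_flags; keep in sync. */` above each would help. The same hunk is repeated for src/lib/libssl/t1_lib.c.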
@@ -120,7 +120,7 @@ const SSL_METHOD TLSv1_1_method_data = { .get_cipher = ssl3_get_cipher, .get_ssl_method = tls1_get_method, .get_timeout = tls1_default_timeout, - .ssl3_enc = &TLSv1_enc_data, + .ssl3_enc = &TLSv1_1_enc_data, .ssl_version = ssl_undefined_void_function, .ssl_callback_ctrl = ssl3_callback_ctrl, .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, @@ -152,7 +152,7 @@ const SSL_METHOD TLSv1_2_method_data = { .get_cipher = ssl3_get_cipher, .get_ssl_method = tls1_get_method, .get_timeout = tls1_default_timeout, - .ssl3_enc = &TLSv1_enc_data, + .ssl3_enc = &TLSv1_2_enc_data, .ssl_version = ssl_undefined_void_function, .ssl_callback_ctrl = ssl3_callback_ctrl, .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, diff --git a/src/lib/libssl/src/ssl/t1_srvr.c b/src/lib/libssl/src/ssl/t1_srvr.c index d38afc5a21..721b190a84 100644 --- a/src/lib/libssl/src/ssl/t1_srvr.c +++ b/src/lib/libssl/src/ssl/t1_srvr.c @@ -124,7 +124,7 @@ const SSL_METHOD TLSv1_1_server_method_data = { .get_cipher = ssl3_get_cipher, .get_ssl_method = tls1_get_server_method, .get_timeout = tls1_default_timeout, - .ssl3_enc = &TLSv1_enc_data, + .ssl3_enc = &TLSv1_1_enc_data, .ssl_version = ssl_undefined_void_function, .ssl_callback_ctrl = ssl3_callback_ctrl, .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, @@ -156,7 +156,7 @@ const SSL_METHOD TLSv1_2_server_method_data = { .get_cipher = ssl3_get_cipher, .get_ssl_method = tls1_get_server_method, .get_timeout = tls1_default_timeout, - .ssl3_enc = &TLSv1_enc_data, + .ssl3_enc = &TLSv1_2_enc_data, .ssl_version = ssl_undefined_void_function, .ssl_callback_ctrl = ssl3_callback_ctrl, .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index f1c92ee2f6..6cc02c8d7a 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c 
@@ -182,6 +182,7 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, const char *, size_t, const unsigned char *, size_t, int use_context))ssl_undefined_function, + .enc_flags = 0, }; int diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 464a4a88fe..11250ba468 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -408,8 +408,20 @@ (c)->algo_strength) #define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) +/* Check if an SSL structure is using DTLS. */ +#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) +/* See if we need explicit IV. */ +#define SSL_USE_EXPLICIT_IV(s) \ + (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) +/* See if we use signature algorithms extension. */ +#define SSL_USE_SIGALGS(s) \ + (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) + +/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ +#define SSL_USE_TLS1_2_CIPHERS(s) \ + (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) /* Mostly for SSLv3 */ #define SSL_PKEY_RSA_ENC 0 
@@ -535,8 +547,29 @@ typedef struct ssl3_enc_method { int (*export_keying_material)(SSL *, unsigned char *, size_t, const char *, size_t, const unsigned char *, size_t, int use_context); + /* Flags indicating protocol version requirements. */ + unsigned int enc_flags; } SSL3_ENC_METHOD; +/* + * Flag values for enc_flags. + */ + +/* Uses explicit IV. */ +#define SSL_ENC_FLAG_EXPLICIT_IV (1 << 0) + +/* Uses signature algorithms extension. */ +#define SSL_ENC_FLAG_SIGALGS (1 << 1) + +/* Uses SHA256 default PRF. */ +#define SSL_ENC_FLAG_SHA256_PRF (1 << 2) + +/* Is DTLS. */ +#define SSL_ENC_FLAG_DTLS (1 << 3) + +/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ +#define SSL_ENC_FLAG_TLS1_2_CIPHERS (1 << 4) + #ifndef OPENSSL_NO_COMP /* Used for holding the relevant compression methods loaded into SSL_CTX */ typedef struct ssl3_comp_st { @@ -552,11 +585,11 @@ extern SSL_CIPHER ssl3_ciphers[]; SSL_METHOD *ssl_bad_method(int ver); extern SSL3_ENC_METHOD TLSv1_enc_data; +extern SSL3_ENC_METHOD TLSv1_1_enc_data; +extern SSL3_ENC_METHOD TLSv1_2_enc_data; extern SSL3_ENC_METHOD SSLv3_enc_data; extern SSL3_ENC_METHOD DTLSv1_enc_data; -#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION) - void ssl_clear_cipher_ctx(SSL *s); int ssl_clear_bad_session(SSL *s); CERT *ssl_cert_new(void); diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c index 2223422d93..39b1d2a324 100644 --- a/src/lib/libssl/t1_clnt.c +++ b/src/lib/libssl/t1_clnt.c @@ -123,7 +123,7 @@ const SSL_METHOD TLSv1_1_client_method_data = { .get_cipher = ssl3_get_cipher, .get_ssl_method = tls1_get_client_method, .get_timeout = tls1_default_timeout, - .ssl3_enc = &TLSv1_enc_data, + .ssl3_enc = &TLSv1_1_enc_data, .ssl_version = ssl_undefined_void_function, .ssl_callback_ctrl = ssl3_callback_ctrl, .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, 
@@ -155,7 +155,7 @@ const SSL_METHOD TLSv1_2_client_method_data = { .get_cipher = ssl3_get_cipher, .get_ssl_method = tls1_get_client_method, .get_timeout = tls1_default_timeout, - .ssl3_enc = &TLSv1_enc_data, + .ssl3_enc = &TLSv1_2_enc_data, .ssl_version = ssl_undefined_void_function, .ssl_callback_ctrl = ssl3_callback_ctrl, .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 205c2558fb..1424eab6e6 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c 
@@ -140,6 +140,44 @@ SSL3_ENC_METHOD TLSv1_enc_data = { .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, .alert_value = tls1_alert_code, .export_keying_material = tls1_export_keying_material, + .enc_flags = 0, +}; + +SSL3_ENC_METHOD TLSv1_1_enc_data = { + .enc = tls1_enc, + .mac = tls1_mac, + .setup_key_block = tls1_setup_key_block, + .generate_master_secret = tls1_generate_master_secret, + .change_cipher_state = tls1_change_cipher_state, + .final_finish_mac = tls1_final_finish_mac, + .finish_mac_length = TLS1_FINISH_MAC_LENGTH, + .cert_verify_mac = tls1_cert_verify_mac, + .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, + .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, + .server_finished_label = TLS_MD_SERVER_FINISH_CONST, + .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, + .alert_value = tls1_alert_code, + .export_keying_material = tls1_export_keying_material, + .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV, +}; + +SSL3_ENC_METHOD TLSv1_2_enc_data = { + .enc = tls1_enc, + .mac = tls1_mac, + .setup_key_block = tls1_setup_key_block, + .generate_master_secret = tls1_generate_master_secret, + .change_cipher_state = tls1_change_cipher_state, + .final_finish_mac = tls1_final_finish_mac, + .finish_mac_length = TLS1_FINISH_MAC_LENGTH, + .cert_verify_mac = tls1_cert_verify_mac, + .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, + .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, + .server_finished_label = TLS_MD_SERVER_FINISH_CONST, + .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, + .alert_value = tls1_alert_code, + .export_keying_material = tls1_export_keying_material, + .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS| + SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS, }; long diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c index b39303b369..6bdffd2332 100644 --- a/src/lib/libssl/t1_meth.c +++ b/src/lib/libssl/t1_meth.c 
@@ -120,7 +120,7 @@ const SSL_METHOD TLSv1_1_method_data = { .get_cipher = ssl3_get_cipher, .get_ssl_method = tls1_get_method, .get_timeout = tls1_default_timeout, - .ssl3_enc = &TLSv1_enc_data, + .ssl3_enc = &TLSv1_1_enc_data, .ssl_version = ssl_undefined_void_function, .ssl_callback_ctrl = ssl3_callback_ctrl, .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, @@ -152,7 +152,7 @@ const SSL_METHOD TLSv1_2_method_data = { .get_cipher = ssl3_get_cipher, .get_ssl_method = tls1_get_method, .get_timeout = tls1_default_timeout, - .ssl3_enc = &TLSv1_enc_data, + .ssl3_enc = &TLSv1_2_enc_data, .ssl_version = ssl_undefined_void_function, .ssl_callback_ctrl = ssl3_callback_ctrl, .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c index d38afc5a21..721b190a84 100644 --- a/src/lib/libssl/t1_srvr.c +++ b/src/lib/libssl/t1_srvr.c @@ -124,7 +124,7 @@ const SSL_METHOD TLSv1_1_server_method_data = { .get_cipher = ssl3_get_cipher, .get_ssl_method = tls1_get_server_method, .get_timeout = tls1_default_timeout, - .ssl3_enc = &TLSv1_enc_data, + .ssl3_enc = &TLSv1_1_enc_data, .ssl_version = ssl_undefined_void_function, .ssl_callback_ctrl = ssl3_callback_ctrl, .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, @@ -156,7 +156,7 @@ const SSL_METHOD TLSv1_2_server_method_data = { .get_cipher = ssl3_get_cipher, .get_ssl_method = tls1_get_server_method, .get_timeout = tls1_default_timeout, - .ssl3_enc = &TLSv1_enc_data, + .ssl3_enc = &TLSv1_2_enc_data, .ssl_version = ssl_undefined_void_function, .ssl_callback_ctrl = ssl3_callback_ctrl, .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, -- cgit v1.2.3-55-g6feb