Use enc_flags when deciding protocol variations.

Use the enc_flags field to determine whether we should use explicit IV,
signature algorithms or SHA256 default PRF instead of hard coding which
versions support each requirement.
Dr. Stephen Henson
2013-03-13 15:33:24 +00:00
parent 6de2649a6b
commit cbd64894ec
10 changed files with 52 additions and 46 deletions


@@ -4458,14 +4458,14 @@ need to go to SSL_ST_ACCEPT.
}
return(ret);
}
/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
* to new SHA256 PRF and handshake macs
/* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF
* and handshake macs if required.
*/
long ssl_get_algorithm2(SSL *s)
{
long alg2 = s->s3->tmp.new_cipher->algorithm2;
if (TLS1_get_version(s) >= TLS1_2_VERSION &&
alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF
&& alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
return alg2;
}
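Review bot: The PRF choice in ssl_get_algorithm2 now rests entirely on `SSL_ENC_FLAG_SHA256_PRF` being set in the enc_flags of every method that can negotiate TLS 1.2 or later. Those method tables are not in this hunk, so it is worth confirming none is missed: a method without the flag would presumably keep the default MD5+SHA1 handshake MAC and PRF, and nothing here would report it. The comment above the function could state that requirement, for example `/* Every method for TLS 1.2 or later must set SSL_ENC_FLAG_SHA256_PRF. */`. The bit test would also read more clearly with its own parentheses: `if ((s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF)`.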