Google Git
Sign in
boringssl/boringssl.git/a1e9cabd8b9637fd896714baf1b6b7503a7467a5^!/./ssl/ssl_lib.c
commit
a1e9cabd8b9637fd896714baf1b6b7503a7467a5
[log]
author
David Benjamin <davidben@chromium.org>
Wed Dec 30 00:08:49 2015 -0500
committer
Adam Langley <alangley@gmail.com>
Wed Jan 27 21:17:55 2016 +0000
tree
313046d86f8c5e2882cdb7ae554b2493d664c680
parent
ef7dba6ac7270d9a7ff5081b5e58a88c9780a090 [diff] [blame]
Replace enc_flags with normalized version checks.

This removes the various non-PRF checks from SSL3_ENC_METHOD so that can
have a clearer purpose. It also makes TLS 1.0 through 1.2's
SSL3_ENC_METHOD tables identical and gives us an assert to ensure
nothing accesses the version bits before version negotiation.
Accordingly, ssl_needs_record_splitting was reordered slightly so we
don't rely on enc_method being initialized to TLS 1.2
pre-version-negotiation.

This leaves alert_value as the only part of SSL3_ENC_METHOD which may be
accessed before version negotiation.

Change-Id: If9e299e2ef5511b5fa442b2af654eed054c3e675
Reviewed-on: https://boringssl-review.googlesource.com/6842
Reviewed-by: Adam Langley <alangley@gmail.com>

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index fe3c173..8eba906 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c

@@ -2283,15 +2283,11 @@
       return &SSLv3_enc_data;
 
     case TLS1_VERSION:
-      return &TLSv1_enc_data;
-
-    case DTLS1_VERSION:
     case TLS1_1_VERSION:
-      return &TLSv1_1_enc_data;
-
-    case DTLS1_2_VERSION:
     case TLS1_2_VERSION:
-      return &TLSv1_2_enc_data;
+    case DTLS1_VERSION:
+    case DTLS1_2_VERSION:
+      return &TLSv1_enc_data;
 
     default:
       return NULL;