Move the is_dtls bit from SSL3_ENC_METHOD to SSL_PROTOCOL_METHOD.
This too isn't version-specific. This removes the final difference between TLS
and DTLS SSL3_ENC_METHODs and we can fold them together. (We should be able to
fold away the version-specific differences too, but all in due time.)
Change-Id: I6652d3942a0970273d46d28d7052629c81f848b5
Reviewed-on: https://boringssl-review.googlesource.com/3771
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 48cc81f..356a637 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -83,37 +83,6 @@
static void get_current_time(SSL *ssl, OPENSSL_timeval *out_clock);
static OPENSSL_timeval *dtls1_get_timeout(SSL *s, OPENSSL_timeval *timeleft);
-const SSL3_ENC_METHOD DTLSv1_enc_data = {
- tls1_enc,
- tls1_prf,
- tls1_setup_key_block,
- tls1_generate_master_secret,
- tls1_change_cipher_state,
- tls1_final_finish_mac,
- tls1_cert_verify_mac,
- TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
- TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
- tls1_alert_code,
- tls1_export_keying_material,
- SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV,
-};
-
-const SSL3_ENC_METHOD DTLSv1_2_enc_data = {
- tls1_enc,
- tls1_prf,
- tls1_setup_key_block,
- tls1_generate_master_secret,
- tls1_change_cipher_state,
- tls1_final_finish_mac,
- tls1_cert_verify_mac,
- TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
- TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
- tls1_alert_code,
- tls1_export_keying_material,
- SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS |
- SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS,
-};
-
int dtls1_new(SSL *s) {
DTLS1_STATE *d1;
diff --git a/ssl/d1_meth.c b/ssl/d1_meth.c
index 84f56c9..e323fff 100644
--- a/ssl/d1_meth.c
+++ b/ssl/d1_meth.c
@@ -59,30 +59,31 @@
static const SSL_PROTOCOL_METHOD DTLS_protocol_method = {
- dtls1_new,
- dtls1_free,
- dtls1_accept,
- dtls1_connect,
- ssl3_read,
- ssl3_peek,
- ssl3_write,
- dtls1_shutdown,
- ssl3_renegotiate,
- ssl3_renegotiate_check,
- dtls1_get_message,
- dtls1_read_bytes,
- dtls1_write_app_data_bytes,
- dtls1_dispatch_alert,
- dtls1_ctrl,
- ssl3_ctx_ctrl,
- ssl3_pending,
- ssl3_num_ciphers,
- dtls1_get_cipher,
- ssl3_callback_ctrl,
- ssl3_ctx_callback_ctrl,
- DTLS1_HM_HEADER_LENGTH,
- dtls1_set_handshake_header,
- dtls1_handshake_write,
+ 1 /* is_dtls */,
+ dtls1_new,
+ dtls1_free,
+ dtls1_accept,
+ dtls1_connect,
+ ssl3_read,
+ ssl3_peek,
+ ssl3_write,
+ dtls1_shutdown,
+ ssl3_renegotiate,
+ ssl3_renegotiate_check,
+ dtls1_get_message,
+ dtls1_read_bytes,
+ dtls1_write_app_data_bytes,
+ dtls1_dispatch_alert,
+ dtls1_ctrl,
+ ssl3_ctx_ctrl,
+ ssl3_pending,
+ ssl3_num_ciphers,
+ dtls1_get_cipher,
+ ssl3_callback_ctrl,
+ ssl3_ctx_callback_ctrl,
+ DTLS1_HM_HEADER_LENGTH,
+ dtls1_set_handshake_header,
+ dtls1_handshake_write,
};
const SSL_METHOD *DTLS_method(void) {
diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c
index a557b32..c781369 100644
--- a/ssl/s3_meth.c
+++ b/ssl/s3_meth.c
@@ -58,6 +58,7 @@
static const SSL_PROTOCOL_METHOD TLS_protocol_method = {
+ 0 /* is_dtls */,
ssl3_new,
ssl3_free,
ssl3_accept,
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e17ee5a..b2fecc7 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2904,18 +2904,14 @@
case TLS1_VERSION:
return &TLSv1_enc_data;
+ case DTLS1_VERSION:
case TLS1_1_VERSION:
return &TLSv1_1_enc_data;
+ case DTLS1_2_VERSION:
case TLS1_2_VERSION:
return &TLSv1_2_enc_data;
- case DTLS1_VERSION:
- return &DTLSv1_enc_data;
-
- case DTLS1_2_VERSION:
- return &DTLSv1_2_enc_data;
-
default:
return NULL;
}
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c42eec3..eafff92 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -364,7 +364,7 @@
/* we have used 000001ff - 23 bits left to go */
/* Check if an SSL structure is using DTLS */
-#define SSL_IS_DTLS(s) (s->enc_method->enc_flags & SSL_ENC_FLAG_DTLS)
+#define SSL_IS_DTLS(s) (s->method->is_dtls)
/* See if we need explicit IV */
#define SSL_USE_EXPLICIT_IV(s) \
(s->enc_method->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
@@ -535,6 +535,8 @@
/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
struct ssl_protocol_method_st {
+ /* is_dtls is one if the protocol is DTLS and zero otherwise. */
+ char is_dtls;
int (*ssl_new)(SSL *s);
void (*ssl_free)(SSL *s);
int (*ssl_accept)(SSL *s);
@@ -603,11 +605,9 @@
#define SSL_ENC_FLAG_SIGALGS 0x2
/* Uses SHA256 default PRF */
#define SSL_ENC_FLAG_SHA256_PRF 0x4
-/* Is DTLS */
-#define SSL_ENC_FLAG_DTLS 0x8
/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2:
* may apply to others in future. */
-#define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x10
+#define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x8
/* ssl_aead_ctx_st contains information about an AEAD that is being used to
* encrypt an SSL connection. */
@@ -638,8 +638,6 @@
extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
extern const SSL3_ENC_METHOD TLSv1_2_enc_data;
extern const SSL3_ENC_METHOD SSLv3_enc_data;
-extern const SSL3_ENC_METHOD DTLSv1_enc_data;
-extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
void ssl_clear_cipher_ctx(SSL *s);
int ssl_clear_bad_session(SSL *s);
