Dual DTLS version methods.

[openssl.git] / ssl / ssl_locl.h

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 9f3a5c9f7b1843f62de1e68bfeb929ef55ca0c0a..f1cbc6f2ebbd19fc88b9fbe1bc3cd9834c4a4f9b 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -440,7 +440,25 @@
 
 /* Check if an SSL structure is using DTLS */
 #define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
-
+/* See if we need explicit IV */
+#define SSL_USE_EXPLICIT_IV(s) \
+               (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
+/* See if we use signature algorithms extension
+ * and signature algorithm before signatures.
+ */
+#define SSL_USE_SIGALGS(s)     \
+                       (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
+/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2:
+ * may apply to others in future.
+ */
+#define SSL_USE_TLS1_2_CIPHERS(s)      \
+               (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
+/* Determine if a client can use TLS 1.2 ciphersuites: can't rely on method
+ * flags because it may not be set to correct version yet.
+ */
+#define SSL_CLIENT_USE_TLS1_2_CIPHERS(s)       \
+               ((SSL_IS_DTLS(s) && s->client_version <= DTLS1_2_VERSION) || \
+               (!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION))
 
 /* Mostly for SSLv3 */
 #define SSL_PKEY_RSA_ENC       0
@@ -702,8 +720,14 @@ typedef struct ssl3_enc_method
 #define SSL_ENC_FLAG_EXPLICIT_IV       0x1
 /* Uses signature algorithms extension */
 #define SSL_ENC_FLAG_SIGALGS           0x2
+/* Uses SHA256 default PRF */
+#define SSL_ENC_FLAG_SHA256_PRF                0x4
 /* Is DTLS */
-#define SSL_ENC_FLAG_DTLS              0x4
+#define SSL_ENC_FLAG_DTLS              0x8
+/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2:
+ * may apply to others in future.
+ */
+#define SSL_ENC_FLAG_TLS1_2_CIPHERS    0x10
 
 #ifndef OPENSSL_NO_COMP
 /* Used for holding the relevant compression methods loaded into SSL_CTX */
@@ -741,9 +765,10 @@ extern SSL3_ENC_METHOD TLSv1_1_enc_data;
 extern SSL3_ENC_METHOD TLSv1_2_enc_data;
 extern SSL3_ENC_METHOD SSLv3_enc_data;
 extern SSL3_ENC_METHOD DTLSv1_enc_data;
+extern SSL3_ENC_METHOD DTLSv1_2_enc_data;
 
 #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
-                               s_get_meth) \
+                               s_get_meth, enc_data) \
 const SSL_METHOD *func_name(void)  \
        { \
        static const SSL_METHOD func_name##_data= { \
@@ -772,7 +797,7 @@ const SSL_METHOD *func_name(void)  \
                ssl3_get_cipher, \
                s_get_meth, \
                tls1_default_timeout, \
-               &TLSv1_enc_data, \
+               &enc_data, \
                ssl_undefined_void_function, \
                ssl3_callback_ctrl, \
                ssl3_ctx_callback_ctrl, \
@@ -891,11 +916,12 @@ const SSL_METHOD *func_name(void)  \
        return &func_name##_data; \
        }
 
-#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+#define IMPLEMENT_dtls1_meth_func(version, func_name, s_accept, s_connect, \
+                                       s_get_meth, enc_data) \
 const SSL_METHOD *func_name(void)  \
        { \
        static const SSL_METHOD func_name##_data= { \
-               DTLS1_VERSION, \
+               version, \
                dtls1_new, \
                dtls1_clear, \
                dtls1_free, \
@@ -920,7 +946,7 @@ const SSL_METHOD *func_name(void)  \
                dtls1_get_cipher, \
                s_get_meth, \
                dtls1_default_timeout, \
-               &DTLSv1_enc_data, \
+               &enc_data, \
                ssl_undefined_void_function, \
                ssl3_callback_ctrl, \
                ssl3_ctx_callback_ctrl, \