Future proof RLAYER_USE_EXPLICIT_IV by checking dtls versions directly.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23611)

diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h
index 5c4550bb820ae8b5dfe3ed3a616344c1e973dcb8..1267f81385087aa03d7c3a42b6df3c34c1d0df87 100644 (file)
--- a/ssl/record/methods/recmethod_local.h
+++ b/ssl/record/methods/recmethod_local.h
@@ -395,7 +395,9 @@ void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
 
 #define RLAYER_USE_EXPLICIT_IV(rl) ((rl)->version == TLS1_1_VERSION \
                                     || (rl)->version == TLS1_2_VERSION \
-                                    || (rl)->isdtls)
+                                    || (rl)->version == DTLS1_BAD_VER \
+                                    || (rl)->version == DTLS1_VERSION \
+                                    || (rl)->version == DTLS1_2_VERSION)
 
 void ossl_tls_rl_record_set_seq_num(TLS_RL_RECORD *r,
                                     const unsigned char *seq_num);