diff options
author | Adam Langley <agl@google.com> | 2015-09-24 10:57:52 -0700 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2015-09-24 11:04:03 -0700 |
commit | 1e4884f615b20946411a74e41eb9c6aa65e2d5f3 (patch) | |
tree | dd743d9d64af3145fe96b8d5fc2f3427544794bd /src/ssl/d1_lib.c | |
parent | 08656b61d075740bfb24ddcce65223146259fc02 (diff) | |
download | external_boringssl-1e4884f615b20946411a74e41eb9c6aa65e2d5f3.zip external_boringssl-1e4884f615b20946411a74e41eb9c6aa65e2d5f3.tar.gz external_boringssl-1e4884f615b20946411a74e41eb9c6aa65e2d5f3.tar.bz2 |
external/boringssl: sync with upstream.
This change imports the current version of BoringSSL. The only local
change now is that |BORINGSSL_201509| is defined in base.h. This allows
this change to be made without (hopefully) breaking the build.
This change will need https://android-review.googlesource.com/172744 to
be landed afterwards to update a test.
Change-Id: I6d1f463f7785a2423bd846305af91c973c326104
Diffstat (limited to 'src/ssl/d1_lib.c')
-rw-r--r-- | src/ssl/d1_lib.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/src/ssl/d1_lib.c b/src/ssl/d1_lib.c index ef7a9c9..cb95585 100644 --- a/src/ssl/d1_lib.c +++ b/src/ssl/d1_lib.c @@ -54,12 +54,18 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). */ -#include <openssl/base.h> +#include <openssl/ssl.h> #include <limits.h> #include <stdio.h> #include <string.h> +#include <openssl/err.h> +#include <openssl/mem.h> +#include <openssl/obj.h> + +#include "internal.h" + #if defined(OPENSSL_WINDOWS) #include <sys/timeb.h> #else @@ -67,11 +73,6 @@ #include <sys/time.h> #endif -#include <openssl/err.h> -#include <openssl/mem.h> -#include <openssl/obj.h> - -#include "internal.h" /* DTLS1_MTU_TIMEOUTS is the maximum number of timeouts to expire * before starting to decrease the MTU. */ @@ -152,8 +153,9 @@ void dtls1_free(SSL *s) { } int dtls1_supports_cipher(const SSL_CIPHER *cipher) { - /* DTLS does not support stream ciphers. */ - return cipher->algorithm_enc != SSL_RC4; + /* DTLS does not support stream ciphers. The NULL cipher is rejected because + * it's not needed. */ + return cipher->algorithm_enc != SSL_RC4 && cipher->algorithm_enc != SSL_eNULL; } void dtls1_start_timer(SSL *s) { @@ -262,7 +264,7 @@ int dtls1_check_timeout_num(SSL *s) { if (s->d1->num_timeouts > DTLS1_MAX_TIMEOUTS) { /* fail the connection, enough alerts have been sent */ - OPENSSL_PUT_ERROR(SSL, dtls1_check_timeout_num, SSL_R_READ_TIMEOUT_EXPIRED); + OPENSSL_PUT_ERROR(SSL, SSL_R_READ_TIMEOUT_EXPIRED); return -1; } @@ -328,8 +330,9 @@ int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) { s2n(msg_hdr->seq, p); l2n3(0, p); l2n3(msg_hdr->msg_len, p); - return ssl3_finish_mac(s, serialised_header, sizeof(serialised_header)) && - ssl3_finish_mac(s, message + DTLS1_HM_HEADER_LENGTH, len); + return ssl3_update_handshake_hash(s, serialised_header, + sizeof(serialised_header)) && + ssl3_update_handshake_hash(s, message + DTLS1_HM_HEADER_LENGTH, len); } int dtls1_handshake_write(SSL *s) { |