diff options
Diffstat (limited to 'src/ssl/d1_lib.c')
| -rw-r--r-- | src/ssl/d1_lib.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/src/ssl/d1_lib.c b/src/ssl/d1_lib.c index ef7a9c9..cb95585 100644 --- a/src/ssl/d1_lib.c +++ b/src/ssl/d1_lib.c @@ -54,12 +54,18 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). */ -#include <openssl/base.h> +#include <openssl/ssl.h> #include <limits.h> #include <stdio.h> #include <string.h> +#include <openssl/err.h> +#include <openssl/mem.h> +#include <openssl/obj.h> + +#include "internal.h" + #if defined(OPENSSL_WINDOWS) #include <sys/timeb.h> #else @@ -67,11 +73,6 @@ #include <sys/time.h> #endif -#include <openssl/err.h> -#include <openssl/mem.h> -#include <openssl/obj.h> - -#include "internal.h" /* DTLS1_MTU_TIMEOUTS is the maximum number of timeouts to expire * before starting to decrease the MTU. */ @@ -152,8 +153,9 @@ void dtls1_free(SSL *s) { } int dtls1_supports_cipher(const SSL_CIPHER *cipher) { - /* DTLS does not support stream ciphers. */ - return cipher->algorithm_enc != SSL_RC4; + /* DTLS does not support stream ciphers. The NULL cipher is rejected because + * it's not needed. */ + return cipher->algorithm_enc != SSL_RC4 && cipher->algorithm_enc != SSL_eNULL; } void dtls1_start_timer(SSL *s) { @@ -262,7 +264,7 @@ int dtls1_check_timeout_num(SSL *s) { if (s->d1->num_timeouts > DTLS1_MAX_TIMEOUTS) { /* fail the connection, enough alerts have been sent */ - OPENSSL_PUT_ERROR(SSL, dtls1_check_timeout_num, SSL_R_READ_TIMEOUT_EXPIRED); + OPENSSL_PUT_ERROR(SSL, SSL_R_READ_TIMEOUT_EXPIRED); return -1; } @@ -328,8 +330,9 @@ int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) { s2n(msg_hdr->seq, p); l2n3(0, p); l2n3(msg_hdr->msg_len, p); - return ssl3_finish_mac(s, serialised_header, sizeof(serialised_header)) && - ssl3_finish_mac(s, message + DTLS1_HM_HEADER_LENGTH, len); + return ssl3_update_handshake_hash(s, serialised_header, + sizeof(serialised_header)) && + ssl3_update_handshake_hash(s, message + DTLS1_HM_HEADER_LENGTH, len); } int dtls1_handshake_write(SSL *s) { |