diff options
Diffstat (limited to 'crypto/openssl/ssl/d1_lib.c')
| -rw-r--r-- | crypto/openssl/ssl/d1_lib.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/crypto/openssl/ssl/d1_lib.c b/crypto/openssl/ssl/d1_lib.c index d07a212..3568e97 100644 --- a/crypto/openssl/ssl/d1_lib.c +++ b/crypto/openssl/ssl/d1_lib.c @@ -106,6 +106,7 @@ int dtls1_new(SSL *s) pq_64bit_init(&(d1->bitmap.map)); pq_64bit_init(&(d1->bitmap.max_seq_num)); + d1->next_bitmap.length = d1->bitmap.length; pq_64bit_init(&(d1->next_bitmap.map)); pq_64bit_init(&(d1->next_bitmap.max_seq_num)); @@ -188,3 +189,23 @@ void dtls1_clear(SSL *s) ssl3_clear(s); s->version=DTLS1_VERSION; } + +/* + * As it's impossible to use stream ciphers in "datagram" mode, this + * simple filter is designed to disengage them in DTLS. Unfortunately + * there is no universal way to identify stream SSL_CIPHER, so we have + * to explicitly list their SSL_* codes. Currently RC4 is the only one + * available, but if new ones emerge, they will have to be added... + */ +SSL_CIPHER *dtls1_get_cipher(unsigned int u) + { + SSL_CIPHER *ciph = ssl3_get_cipher(u); + + if (ciph != NULL) + { + if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4) + return NULL; + } + + return ciph; + } |
