X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fd1_lib.c;h=3568e97a8771573c97a3ff421218e78a6ca4c903;hb=9d396bee8e1247baae68f74cba25f0362f3aa181;hp=d07a212faceabd612b335bb93e38a5cfd0940271;hpb=4479ce9c1c64a76bd5e2bd1243dfb99679ba208f;p=oweals%2Fopenssl.git

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index d07a212fac..3568e97a87 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -106,6 +106,7 @@ int dtls1_new(SSL *s)
 	pq_64bit_init(&(d1->bitmap.map));
 	pq_64bit_init(&(d1->bitmap.max_seq_num));
 	
+	d1->next_bitmap.length = d1->bitmap.length;
 	pq_64bit_init(&(d1->next_bitmap.map));
 	pq_64bit_init(&(d1->next_bitmap.max_seq_num));
 
@@ -188,3 +189,23 @@ void dtls1_clear(SSL *s)
 	ssl3_clear(s);
 	s->version=DTLS1_VERSION;
 	}
+
+/*
+ * As it's impossible to use stream ciphers in "datagram" mode, this
+ * simple filter is designed to disengage them in DTLS. Unfortunately
+ * there is no universal way to identify stream SSL_CIPHER, so we have
+ * to explicitly list their SSL_* codes. Currently RC4 is the only one
+ * available, but if new ones emerge, they will have to be added...
+ */
+SSL_CIPHER *dtls1_get_cipher(unsigned int u)
+	{
+	SSL_CIPHER *ciph = ssl3_get_cipher(u);
+
+	if (ciph != NULL)
+		{
+		if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4)
+			return NULL;
+		}
+
+	return ciph;
+	}