X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fd1_lib.c;h=d9486916f206ffd4d23208a1fec1c2708b657075;hb=8e3b2dbb31819b880886bfd275510c650ff264ea;hp=ea0dbf4831c32fa97ee21a107b7932ecd9586b60;hpb=dffdb56b7f5ac13102cd3639c115349d3ce2fa01;p=oweals%2Fopenssl.git

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index ea0dbf4831..d9486916f2 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -61,11 +61,9 @@
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 
-const char *dtls1_version_str="DTLSv1" OPENSSL_VERSION_PTEXT;
+const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
 
-static long dtls1_default_timeout(void);
-
-static SSL3_ENC_METHOD DTLSv1_enc_data={
+SSL3_ENC_METHOD DTLSv1_enc_data={
     dtls1_enc,
 	tls1_mac,
 	tls1_setup_key_block,
@@ -79,50 +77,13 @@ static SSL3_ENC_METHOD DTLSv1_enc_data={
 	tls1_alert_code,
 	};
 
-static SSL_METHOD DTLSv1_data= {
-	DTLS1_VERSION,
-	dtls1_new,
-	dtls1_clear,
-	dtls1_free,
-	ssl_undefined_function,
-	ssl_undefined_function,
-	ssl3_read,
-	ssl3_peek,
-	ssl3_write,
-	ssl3_shutdown,
-	ssl3_renegotiate,
-	ssl3_renegotiate_check,
-	dtls1_get_message,
-	dtls1_read_bytes,
-	dtls1_write_app_data_bytes,
-	dtls1_dispatch_alert,
-	ssl3_ctrl,
-	ssl3_ctx_ctrl,
-	ssl3_get_cipher_by_char,
-	ssl3_put_cipher_by_char,
-	ssl3_pending,
-	ssl3_num_ciphers,
-	ssl3_get_cipher,
-	ssl_bad_method,
-	dtls1_default_timeout,
-	&DTLSv1_enc_data,
-	ssl_undefined_void_function,
-	ssl3_callback_ctrl,
-	ssl3_ctx_callback_ctrl,
-	};
-
-static long dtls1_default_timeout(void)
+long dtls1_default_timeout(void)
 	{
 	/* 2 hours, the 24 hours mentioned in the DTLSv1 spec
 	 * is way too long for http, the cache would over fill */
 	return(60*60*2);
 	}
 
-SSL_METHOD *dtlsv1_base_method(void)
-	{
-	return(&DTLSv1_data);
-	}
-
 int dtls1_new(SSL *s)
 	{
 	DTLS1_STATE *d1;
@@ -206,3 +167,23 @@ void dtls1_clear(SSL *s)
 	ssl3_clear(s);
 	s->version=DTLS1_VERSION;
 	}
+
+/*
+ * As it's impossible to use stream ciphers in "datagram" mode, this
+ * simple filter is designed to disengage them in DTLS. Unfortunately
+ * there is no universal way to identify stream SSL_CIPHER, so we have
+ * to explicitly list their SSL_* codes. Currently RC4 is the only one
+ * available, but if new ones emerge, they will have to be added...
+ */
+SSL_CIPHER *dtls1_get_cipher(unsigned int u)
+	{
+	SSL_CIPHER *ciph = ssl3_get_cipher(u);
+
+	if (ciph != NULL)
+		{
+		if (ciph->algorithm_enc == SSL_RC4)
+			return NULL;
+		}
+
+	return ciph;
+	}