Use enc_flags when deciding protocol variations.

Use the enc_flags field to determine whether we should use explicit IV, signature algorithms or SHA256 default PRF instead of hard coding which versions support each requirement.
author: Dr. Stephen Henson <steve@openssl.org> 2013-03-13 15:33:24 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-03-18 15:03:58 +0000
commit: cbd64894ec687c6f37d8e43c16dff78e63f6be87 (patch)
tree: be8c67256a02cbe24fc2d44c9488bb547e71046f /ssl/s3_cbc.c
parent: 6de2649a6b349bde9c9fb62c3a3d5d6344d8259c (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 87cdc3b244..ea46c3989e 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -146,7 +146,7 @@ int tls1_cbc_remove_padding(const SSL* s,
 	unsigned padding_length, good, to_check, i;
 	const unsigned overhead = 1 /* padding length byte */ + mac_size;
 	/* Check if version requires explicit IV */
-	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
+	if (SSL_USE_EXPLICIT_IV(s))
 		{
 		/* These lengths are all public so we can test them in
 		 * non-constant time.
author	Dr. Stephen Henson <steve@openssl.org>	2013-03-13 15:33:24 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-03-18 15:03:58 +0000
commit	cbd64894ec687c6f37d8e43c16dff78e63f6be87 (patch)
tree	be8c67256a02cbe24fc2d44c9488bb547e71046f /ssl/s3_cbc.c
parent	6de2649a6b349bde9c9fb62c3a3d5d6344d8259c (diff)