Use enc_flags when deciding protocol variations.

Use the enc_flags field to determine whether we should use explicit IV,
signature algorithms or SHA256 default PRF instead of hard coding which
versions support each requirement.
(cherry picked from commit cbd64894ec687c6f37d8e43c16dff78e63f6be87)

Conflicts:

	ssl/ssl_locl.h

1 files changed, 11 insertions, 1 deletions

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 920c4f209f..af7930943e 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -442,6 +442,14 @@
 
 /* Check if an SSL structure is using DTLS */
 #define SSL_IS_DTLS(s)	(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
+/* See if we need explicit IV */
+#define SSL_USE_EXPLICIT_IV(s)	\
+		(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
+/* See if we use signature algorithms extension
+ * and signature algorithm before signatures.
+ */
+#define SSL_USE_SIGALGS(s)	\
+			(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
 
 /* Mostly for SSLv3 */
 #define SSL_PKEY_RSA_ENC	0
@@ -711,8 +719,10 @@ typedef struct ssl3_enc_method
 #define SSL_ENC_FLAG_EXPLICIT_IV	0x1
 /* Uses signature algorithms extension */
 #define SSL_ENC_FLAG_SIGALGS		0x2
+/* Uses SHA256 default PRF */
+#define SSL_ENC_FLAG_SHA256_PRF		0x4
 /* Is DTLS */
-#define SSL_ENC_FLAG_DTLS		0x4
+#define SSL_ENC_FLAG_DTLS		0x8
 
 #ifndef OPENSSL_NO_COMP
 /* Used for holding the relevant compression methods loaded into SSL_CTX */