Move the is_dtls bit from SSL3_ENC_METHOD to SSL_PROTOCOL_METHOD.

This too isn't version-specific. This removes the final difference between TLS
and DTLS SSL3_ENC_METHODs and we can fold them together. (We should be able to
fold away the version-specific differences too, but all in due time.)

Change-Id: I6652d3942a0970273d46d28d7052629c81f848b5
Reviewed-on: https://boringssl-review.googlesource.com/3771
Reviewed-by: Adam Langley <agl@google.com>

ssl/d1_lib.c

@@ -83,37 +83,6 @@
 static void get_current_time(SSL *ssl, OPENSSL_timeval *out_clock);
 static OPENSSL_timeval *dtls1_get_timeout(SSL *s, OPENSSL_timeval *timeleft);
 
-const SSL3_ENC_METHOD DTLSv1_enc_data = {
-  tls1_enc,
-  tls1_prf,
-  tls1_setup_key_block,
-  tls1_generate_master_secret,
-  tls1_change_cipher_state,
-  tls1_final_finish_mac,
-  tls1_cert_verify_mac,
-  TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
-  TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
-  tls1_alert_code,
-  tls1_export_keying_material,
-  SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV,
-};
-
-const SSL3_ENC_METHOD DTLSv1_2_enc_data = {
-  tls1_enc,
-  tls1_prf,
-  tls1_setup_key_block,
-  tls1_generate_master_secret,
-  tls1_change_cipher_state,
-  tls1_final_finish_mac,
-  tls1_cert_verify_mac,
-  TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
-  TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
-  tls1_alert_code,
-  tls1_export_keying_material,
-  SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS |
-      SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS,
-};
-
 int dtls1_new(SSL *s) {
   DTLS1_STATE *d1;
 

ssl/d1_meth.c

@@ -59,30 +59,31 @@
 
 
 static const SSL_PROTOCOL_METHOD DTLS_protocol_method = {
-  dtls1_new,
-  dtls1_free,
-  dtls1_accept,
-  dtls1_connect,
-  ssl3_read,
-  ssl3_peek,
-  ssl3_write,
-  dtls1_shutdown,
-  ssl3_renegotiate,
-  ssl3_renegotiate_check,
-  dtls1_get_message,
-  dtls1_read_bytes,
-  dtls1_write_app_data_bytes,
-  dtls1_dispatch_alert,
-  dtls1_ctrl,
-  ssl3_ctx_ctrl,
-  ssl3_pending,
-  ssl3_num_ciphers,
-  dtls1_get_cipher,
-  ssl3_callback_ctrl,
-  ssl3_ctx_callback_ctrl,
-  DTLS1_HM_HEADER_LENGTH,
-  dtls1_set_handshake_header,
-  dtls1_handshake_write,
+    1 /* is_dtls */,
+    dtls1_new,
+    dtls1_free,
+    dtls1_accept,
+    dtls1_connect,
+    ssl3_read,
+    ssl3_peek,
+    ssl3_write,
+    dtls1_shutdown,
+    ssl3_renegotiate,
+    ssl3_renegotiate_check,
+    dtls1_get_message,
+    dtls1_read_bytes,
+    dtls1_write_app_data_bytes,
+    dtls1_dispatch_alert,
+    dtls1_ctrl,
+    ssl3_ctx_ctrl,
+    ssl3_pending,
+    ssl3_num_ciphers,
+    dtls1_get_cipher,
+    ssl3_callback_ctrl,
+    ssl3_ctx_callback_ctrl,
+    DTLS1_HM_HEADER_LENGTH,
+    dtls1_set_handshake_header,
+    dtls1_handshake_write,
 };
 
 const SSL_METHOD *DTLS_method(void) {

ssl/s3_meth.c

@@ -58,6 +58,7 @@
 
 
 static const SSL_PROTOCOL_METHOD TLS_protocol_method = {
+    0 /* is_dtls */,
     ssl3_new,
     ssl3_free,
     ssl3_accept,

ssl/ssl_lib.c

@@ -2904,18 +2904,14 @@ const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version) {
     case TLS1_VERSION:
       return &TLSv1_enc_data;
 
+    case DTLS1_VERSION:
     case TLS1_1_VERSION:
       return &TLSv1_1_enc_data;
 
+    case DTLS1_2_VERSION:
     case TLS1_2_VERSION:
       return &TLSv1_2_enc_data;
 
-    case DTLS1_VERSION:
-      return &DTLSv1_enc_data;
-
-    case DTLS1_2_VERSION:
-      return &DTLSv1_2_enc_data;
-
     default:
       return NULL;
   }

ssl/ssl_locl.h

@@ -364,7 +364,7 @@
 /* we have used 000001ff - 23 bits left to go */
 
 /* Check if an SSL structure is using DTLS */
-#define SSL_IS_DTLS(s) (s->enc_method->enc_flags & SSL_ENC_FLAG_DTLS)
+#define SSL_IS_DTLS(s) (s->method->is_dtls)
 /* See if we need explicit IV */
 #define SSL_USE_EXPLICIT_IV(s) \
   (s->enc_method->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
@@ -535,6 +535,8 @@ struct ssl_method_st {
 
 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
 struct ssl_protocol_method_st {
+  /* is_dtls is one if the protocol is DTLS and zero otherwise. */
+  char is_dtls;
   int (*ssl_new)(SSL *s);
   void (*ssl_free)(SSL *s);
   int (*ssl_accept)(SSL *s);
@@ -603,11 +605,9 @@ struct ssl3_enc_method {
 #define SSL_ENC_FLAG_SIGALGS 0x2
 /* Uses SHA256 default PRF */
 #define SSL_ENC_FLAG_SHA256_PRF 0x4
-/* Is DTLS */
-#define SSL_ENC_FLAG_DTLS 0x8
 /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2:
  * may apply to others in future. */
-#define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x10
+#define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x8
 
 /* ssl_aead_ctx_st contains information about an AEAD that is being used to
  * encrypt an SSL connection. */
@@ -638,8 +638,6 @@ extern const SSL3_ENC_METHOD TLSv1_enc_data;
 extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
 extern const SSL3_ENC_METHOD TLSv1_2_enc_data;
 extern const SSL3_ENC_METHOD SSLv3_enc_data;
-extern const SSL3_ENC_METHOD DTLSv1_enc_data;
-extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
 
 void ssl_clear_cipher_ctx(SSL *s);
 int ssl_clear_bad_session(SSL *s);