This commit was generated by cvs2git to track changes on a CVS vendor

branch.

4 files changed, 28 insertions, 10 deletions

diff --git a/src/lib/libcrypto/bn/asm/ppc.pl b/src/lib/libcrypto/bn/asm/ppc.pl
index 37c65d3511..f4093177e6 100644
--- a/src/lib/libcrypto/bn/asm/ppc.pl
+++ b/src/lib/libcrypto/bn/asm/ppc.pl
@@ -949,7 +949,7 @@ $data=<<EOF;
         addze   r11,r0
                                         #mul_add_c(a[3],b[2],c3,c1,c2);
         $LD     r6,`3*$BNSZ`(r4)
-        $LD     r7,`2*$BNSZ`(r4)
+        $LD     r7,`2*$BNSZ`(r5)
         $UMULL  r8,r6,r7
         $UMULH  r9,r6,r7
         addc    r12,r8,r12
diff --git a/src/lib/libcrypto/bn/asm/x86-mont.pl b/src/lib/libcrypto/bn/asm/x86-mont.pl
index 5cd3cd2ed5..e8f6b05084 100755
--- a/src/lib/libcrypto/bn/asm/x86-mont.pl
+++ b/src/lib/libcrypto/bn/asm/x86-mont.pl
@@ -527,8 +527,10 @@ $sbit=$num;
         &jle    (&label("sqradd"));
 
         &mov    ($carry,"edx");
-        &lea    ("edx",&DWP(0,$sbit,"edx",2));
+        &add    ("edx","edx");
         &shr    ($carry,31);
+        &add    ("edx",$sbit);
+        &adc    ($carry,0);
 &set_label("sqrlast");
         &mov    ($word,$_n0);
         &mov    ($inp,$_np);
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 2180c6d4da..9f898d6997 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -158,7 +158,6 @@ static unsigned char bitmask_end_values[]   = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1
 /* XDTLS:  figure out the right values */
 static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
 
-static unsigned int dtls1_min_mtu(void);
 static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
 static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, 
         unsigned long frag_len);
@@ -264,11 +263,10 @@ int dtls1_do_write(SSL *s, int type)
                         return ret;
                 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
                 }
-
-        OPENSSL_assert(mtu > 0);  /* should have something reasonable now */
-
 #endif
 
+        OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());  /* should have something reasonable now */
+
         if ( s->init_off == 0  && type == SSL3_RT_HANDSHAKE)
                 OPENSSL_assert(s->init_num == 
                         (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
@@ -795,7 +793,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
                 *ok = 0;
                 return i;
                 }
-        OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);
+        /* Handshake fails if message header is incomplete */
+        if (i != DTLS1_HM_HEADER_LENGTH)
+                {
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
+                goto f_err;
+                }
 
         /* parse the message fragment header */
         dtls1_get_message_header(wire, &msg_hdr);
@@ -867,7 +871,12 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 
         /* XDTLS:  an incorrectly formatted fragment should cause the 
          * handshake to fail */
-        OPENSSL_assert(i == (int)frag_len);
+        if (i != (int)frag_len)
+                {
+                al=SSL3_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER);
+                goto f_err;
+                }
 
         *ok = 1;
 
@@ -1367,7 +1376,7 @@ dtls1_write_message_header(SSL *s, unsigned char *p)
         return p;
         }
 
-static unsigned int 
+unsigned int 
 dtls1_min_mtu(void)
         {
         return (g_probable_mtu[(sizeof(g_probable_mtu) / 
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 48e8b6ffbb..c3b77c889b 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -204,7 +204,8 @@ void dtls1_clear(SSL *s)
     pqueue buffered_messages;
         pqueue sent_messages;
         pqueue buffered_app_data;
-        
+        unsigned int mtu;
+
         if (s->d1)
                 {
                 unprocessed_rcds = s->d1->unprocessed_rcds.q;
@@ -212,6 +213,7 @@ void dtls1_clear(SSL *s)
                 buffered_messages = s->d1->buffered_messages;
                 sent_messages = s->d1->sent_messages;
                 buffered_app_data = s->d1->buffered_app_data.q;
+                mtu = s->d1->mtu;
 
                 dtls1_clear_queues(s);
 
@@ -222,6 +224,11 @@ void dtls1_clear(SSL *s)
                         s->d1->cookie_len = sizeof(s->d1->cookie);
                         }
 
+                if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)
+                        {
+                        s->d1->mtu = mtu;
+                        }
+
                 s->d1->unprocessed_rcds.q = unprocessed_rcds;
                 s->d1->processed_rcds.q = processed_rcds;
                 s->d1->buffered_messages = buffered_messages;