diff options
Diffstat (limited to 'src/lib/libssl/s3_pkt.c')
| -rw-r--r-- | src/lib/libssl/s3_pkt.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 722ed9a858..96ba63262e 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -335,7 +335,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); | |||
| 335 | if (version != s->version) | 335 | if (version != s->version) |
| 336 | { | 336 | { |
| 337 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); | 337 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); |
| 338 | if ((s->version & 0xFF00) == (version & 0xFF00)) | 338 | if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) |
| 339 | /* Send back error using their minor version number :-) */ | 339 | /* Send back error using their minor version number :-) */ |
| 340 | s->version = (unsigned short)version; | 340 | s->version = (unsigned short)version; |
| 341 | al=SSL_AD_PROTOCOL_VERSION; | 341 | al=SSL_AD_PROTOCOL_VERSION; |
| @@ -407,7 +407,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); | |||
| 407 | if (enc_err == 0) | 407 | if (enc_err == 0) |
| 408 | { | 408 | { |
| 409 | al=SSL_AD_DECRYPTION_FAILED; | 409 | al=SSL_AD_DECRYPTION_FAILED; |
| 410 | SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); | 410 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); |
| 411 | goto f_err; | 411 | goto f_err; |
| 412 | } | 412 | } |
| 413 | 413 | ||
| @@ -467,7 +467,7 @@ printf("\n"); | |||
| 467 | } | 467 | } |
| 468 | 468 | ||
| 469 | i=s->method->ssl3_enc->mac(s,md,0 /* not send */); | 469 | i=s->method->ssl3_enc->mac(s,md,0 /* not send */); |
| 470 | if (i < 0 || mac == NULL || timingsafe_bcmp(md, mac, (size_t)mac_size) != 0) | 470 | if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) |
| 471 | enc_err = -1; | 471 | enc_err = -1; |
| 472 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) | 472 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) |
| 473 | enc_err = -1; | 473 | enc_err = -1; |
| @@ -748,6 +748,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 748 | * bytes and record version number > TLS 1.0 | 748 | * bytes and record version number > TLS 1.0 |
| 749 | */ | 749 | */ |
| 750 | if (s->state == SSL3_ST_CW_CLNT_HELLO_B | 750 | if (s->state == SSL3_ST_CW_CLNT_HELLO_B |
| 751 | && !s->renegotiate | ||
| 751 | && TLS1_get_version(s) > TLS1_VERSION) | 752 | && TLS1_get_version(s) > TLS1_VERSION) |
| 752 | *(p++) = 0x1; | 753 | *(p++) = 0x1; |
| 753 | else | 754 | else |
| @@ -1054,7 +1055,7 @@ start: | |||
| 1054 | { | 1055 | { |
| 1055 | s->rstate=SSL_ST_READ_HEADER; | 1056 | s->rstate=SSL_ST_READ_HEADER; |
| 1056 | rr->off=0; | 1057 | rr->off=0; |
| 1057 | if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) | 1058 | if (s->mode & SSL_MODE_RELEASE_BUFFERS) |
| 1058 | ssl3_release_read_buffer(s); | 1059 | ssl3_release_read_buffer(s); |
| 1059 | } | 1060 | } |
| 1060 | } | 1061 | } |
| @@ -1242,7 +1243,7 @@ start: | |||
| 1242 | goto f_err; | 1243 | goto f_err; |
| 1243 | } | 1244 | } |
| 1244 | #ifdef SSL_AD_MISSING_SRP_USERNAME | 1245 | #ifdef SSL_AD_MISSING_SRP_USERNAME |
| 1245 | if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) | 1246 | else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) |
| 1246 | return(0); | 1247 | return(0); |
| 1247 | #endif | 1248 | #endif |
| 1248 | } | 1249 | } |