diff options
Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
-rw-r--r-- | src/lib/libssl/ssl_pkt.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 4cc1914ecd..31a66753bf 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssl_pkt.c,v 1.33 2020/10/14 16:57:33 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_pkt.c,v 1.34 2021/01/19 18:57:09 jsing Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -370,11 +370,12 @@ ssl3_get_record(SSL *s) | |||
370 | 370 | ||
371 | /* Lets check version */ | 371 | /* Lets check version */ |
372 | if (!s->internal->first_packet && ssl_version != s->version) { | 372 | if (!s->internal->first_packet && ssl_version != s->version) { |
373 | SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); | ||
374 | if ((s->version & 0xFF00) == (ssl_version & 0xFF00) && | 373 | if ((s->version & 0xFF00) == (ssl_version & 0xFF00) && |
375 | !s->internal->enc_write_ctx && !s->internal->write_hash) | 374 | !tls12_record_layer_write_protected(s->internal->rl)) { |
376 | /* Send back error using their minor version number :-) */ | 375 | /* Send back error using their minor version number :-) */ |
377 | s->version = ssl_version; | 376 | s->version = ssl_version; |
377 | } | ||
378 | SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); | ||
378 | al = SSL_AD_PROTOCOL_VERSION; | 379 | al = SSL_AD_PROTOCOL_VERSION; |
379 | goto f_err; | 380 | goto f_err; |
380 | } | 381 | } |
@@ -569,8 +570,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) | |||
569 | * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this | 570 | * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this |
570 | * is unnecessary for AEAD. | 571 | * is unnecessary for AEAD. |
571 | */ | 572 | */ |
572 | if (sess != NULL && s->internal->enc_write_ctx != NULL && | 573 | if (sess != NULL && tls12_record_layer_write_protected(s->internal->rl)) { |
573 | EVP_MD_CTX_md(s->internal->write_hash) != NULL) { | ||
574 | if (S3I(s)->need_empty_fragments && | 574 | if (S3I(s)->need_empty_fragments && |
575 | !S3I(s)->empty_fragment_done && | 575 | !S3I(s)->empty_fragment_done && |
576 | type == SSL3_RT_APPLICATION_DATA) | 576 | type == SSL3_RT_APPLICATION_DATA) |
@@ -814,8 +814,8 @@ start: | |||
814 | if (type == rr->type) { | 814 | if (type == rr->type) { |
815 | /* make sure that we are not getting application data when we | 815 | /* make sure that we are not getting application data when we |
816 | * are doing a handshake for the first time */ | 816 | * are doing a handshake for the first time */ |
817 | if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && | 817 | if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA && |
818 | (s->enc_read_ctx == NULL)) { | 818 | !tls12_record_layer_read_protected(s->internal->rl)) { |
819 | al = SSL_AD_UNEXPECTED_MESSAGE; | 819 | al = SSL_AD_UNEXPECTED_MESSAGE; |
820 | SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); | 820 | SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); |
821 | goto f_err; | 821 | goto f_err; |