summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_pkt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
-rw-r--r--src/lib/libssl/ssl_pkt.c14
1 files changed, 7 insertions, 7 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 4cc1914ecd..31a66753bf 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_pkt.c,v 1.33 2020/10/14 16:57:33 jsing Exp $ */ 1/* $OpenBSD: ssl_pkt.c,v 1.34 2021/01/19 18:57:09 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -370,11 +370,12 @@ ssl3_get_record(SSL *s)
370 370
371 /* Lets check version */ 371 /* Lets check version */
372 if (!s->internal->first_packet && ssl_version != s->version) { 372 if (!s->internal->first_packet && ssl_version != s->version) {
373 SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
374 if ((s->version & 0xFF00) == (ssl_version & 0xFF00) && 373 if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
375 !s->internal->enc_write_ctx && !s->internal->write_hash) 374 !tls12_record_layer_write_protected(s->internal->rl)) {
376 /* Send back error using their minor version number :-) */ 375 /* Send back error using their minor version number :-) */
377 s->version = ssl_version; 376 s->version = ssl_version;
377 }
378 SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
378 al = SSL_AD_PROTOCOL_VERSION; 379 al = SSL_AD_PROTOCOL_VERSION;
379 goto f_err; 380 goto f_err;
380 } 381 }
@@ -569,8 +570,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
569 * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this 570 * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this
570 * is unnecessary for AEAD. 571 * is unnecessary for AEAD.
571 */ 572 */
572 if (sess != NULL && s->internal->enc_write_ctx != NULL && 573 if (sess != NULL && tls12_record_layer_write_protected(s->internal->rl)) {
573 EVP_MD_CTX_md(s->internal->write_hash) != NULL) {
574 if (S3I(s)->need_empty_fragments && 574 if (S3I(s)->need_empty_fragments &&
575 !S3I(s)->empty_fragment_done && 575 !S3I(s)->empty_fragment_done &&
576 type == SSL3_RT_APPLICATION_DATA) 576 type == SSL3_RT_APPLICATION_DATA)
@@ -814,8 +814,8 @@ start:
814 if (type == rr->type) { 814 if (type == rr->type) {
815 /* make sure that we are not getting application data when we 815 /* make sure that we are not getting application data when we
816 * are doing a handshake for the first time */ 816 * are doing a handshake for the first time */
817 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && 817 if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
818 (s->enc_read_ctx == NULL)) { 818 !tls12_record_layer_read_protected(s->internal->rl)) {
819 al = SSL_AD_UNEXPECTED_MESSAGE; 819 al = SSL_AD_UNEXPECTED_MESSAGE;
820 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); 820 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
821 goto f_err; 821 goto f_err;