PR: 2120

[openssl.git] / ssl / t1_enc.c

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index b482f6cf9c0dd0b2c74db3a03763c34859a82600..d9cb059d0c21685d8b0e9c7c2cba816fe4b70350 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -806,7 +806,7 @@ int tls1_final_finish_mac(SSL *s,
                if (mask & s->s3->tmp.new_cipher->algorithm2)
                        {
                        int hashsize = EVP_MD_size(md);
-                       if (hashsize < 0 || hashsize > (sizeof buf - (size_t)(q-buf)))
+                       if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
                                {
                                /* internal error: 'buf' is too small for this cipersuite! */
                                err = 1;
@@ -815,7 +815,7 @@ int tls1_final_finish_mac(SSL *s,
                                {
                                EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
                                EVP_DigestFinal_ex(&ctx,q,&i);
-                               if (i != hashsize) /* can't really happen */
+                               if (i != (unsigned int)hashsize) /* can't really happen */
                                        err = 1;
                                q+=i;
                                }
@@ -882,7 +882,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
                        mac_ctx = &hmac;
                }
 
-       if (ssl->version == DTLS1_VERSION)
+       if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)
                {
                unsigned char dtlsseq[8],*p=dtlsseq;
 
@@ -911,7 +911,7 @@ printf("rec=");
 {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
 #endif
 
-       if (ssl->version != DTLS1_VERSION)
+       if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
                {
                for (i=7; i>=0; i--)
                        {