X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_clnt.c;h=24c180c4d7294a961463fe5a49a3fbdf6d9b9b28;hp=13006b7e05da717c187c3d9b5cabca9fb09bb3aa;hb=226751ae4a1f3e00021c43399d7bb51a99c22c17;hpb=36086186a9b90cdad0d2cd0a598a10f03f8f4bcc
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 13006b7e05..24c180c4d7 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1073,6 +1073,11 @@ int ssl3_get_server_hello(SSL *s)
 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
 goto f_err;
 }
+ /* Set version disabled mask now we know version */
+ if (!SSL_USE_TLS1_2_CIPHERS(s))
+ ct->mask_ssl = SSL_TLSV1_2;
+ else
+ ct->mask_ssl = 0;
 /* If it is a disabled cipher we didn't send it in client hello,
 * so return an error.
 */
@@ -3564,9 +3569,11 @@ int ssl3_check_finished(SSL *s)
 {
 int ok;
 long n;
-/* Read the message to see if it is supplemental data, regardless if there is a session ticket
- this function is called when we really expect a Certificate
- message, so permit appropriate message length */
+
+ /* Read the message to see if it is supplemental data,
+ * regardless if there is a session ticket this function is
+ * called when we really expect a Certificate message, so
+ * permit appropriate message length */
 n=s->method->ssl_get_message(s,
 SSL3_ST_CR_CERT_A,
 SSL3_ST_CR_CERT_B,
@@ -3577,9 +3584,7 @@ int ssl3_check_finished(SSL *s)
 s->s3->tmp.reuse_message = 1;
 if (s->s3->tmp.message_type == SSL3_MT_SUPPLEMENTAL_DATA)
- {
 return 3;
- }
 /* If we have no ticket it cannot be a resumed session. */
 if (!s->session->tlsext_tick)
 return 1;
@@ -3645,7 +3650,7 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
 SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
 return 0;
 }
- //if first entry, write handshake message type
+ /* if first entry, write handshake message type */
 if (length == 0)
 {
 if (!BUF_MEM_grow_clean(s->init_buf, 4))
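Review bot: The comment on the block added in ssl3_get_server_hello does not say what the mask is for, and that is the security-relevant part: once the negotiated version is known, a server that selects a TLS 1.2-only ciphersuite for an older protocol version should be rejected by the disabled-cipher check that follows. I would spell that out, e.g. `/* Version is now known: mask TLS 1.2-only ciphers for older versions so the check below rejects them */`. The assignment also overwrites `ct->mask_ssl` in both branches, so it appears to assume that nothing else stores bits there and that the mask is recomputed before any later ClientHello on the same connection; `ct` is declared outside the hunk, so this needs confirming against the rest of the function. The function body starts and ends outside the hunk, including the condition that actually tests the mask.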
@@ -3655,9 +3660,12 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip) } p = (unsigned char *)s->init_buf->data; *(p++) = SSL3_MT_SUPPLEMENTAL_DATA; - //update message length when all callbacks complete + /* update message length when all + * callbacks complete */ size_loc = p; - //skip over handshake length field (3 bytes) and supp_data length field (3 bytes) + /* skip over handshake length field (3 + * bytes) and supp_data length field + * (3 bytes) */ p += 3 + 3; length += 1 +3 +3; } @@ -3674,9 +3682,9 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip) } if (length > 0) { - //write handshake length + /* write handshake length */ l2n3(length - 4, size_loc); - //supp_data length + /* supp_data length */ l2n3(length - 7, size_loc); s->state = SSL3_ST_CW_SUPPLEMENTAL_DATA_B; s->init_num = length; @@ -3685,7 +3693,7 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip) } } - //no supp data message sent + /* no supp data message sent */ *skip = 1; s->init_num = 0; s->init_off = 0; @@ -3724,11 +3732,11 @@ int tls1_get_server_supplemental_data(SSL *s) goto f_err; } n2l3(p, supp_data_len); - while (pctx->cli_supp_data_records_count; i++) { if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type && s->ctx->cli_supp_data_records[i].fn1) @@ -3741,7 +3749,7 @@ int tls1_get_server_supplemental_data(SSL *s) } } } - p+=supp_data_entry_len; + p += supp_data_entry_len; } return 1; f_err: