projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Use the callbacks from the SSL object instead of the SSL_CTX object
[openssl.git]
/
ssl
/
s3_enc.c
diff --git
a/ssl/s3_enc.c
b/ssl/s3_enc.c
index ba71bc14b4a52fffc773b34be2acd9cc2c1f15ff..88e74edf2beb856b99777e1d1d828be00ec2d96c 100644
(file)
--- a/
ssl/s3_enc.c
+++ b/
ssl/s3_enc.c
@@
-61,10
+61,10
@@
static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
k++;
EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
k++;
- if (k > sizeof
buf
) {
+ if (k > sizeof
(buf)
) {
/* bug: 'buf' is too small for this ciphersuite */
SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
/* bug: 'buf' is too small for this ciphersuite */
SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
-
return 0
;
+
goto err
;
}
for (j = 0; j < k; j++)
}
for (j = 0; j < k; j++)
@@
-227,7
+227,8
@@
int ssl3_change_cipher_state(SSL *s, int which)
memcpy(mac_secret, ms, i);
memcpy(mac_secret, ms, i);
- EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE));
+ if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)))
+ goto err2;
#ifdef OPENSSL_SSL_TRACE_CRYPTO
if (s->msg_callback) {
#ifdef OPENSSL_SSL_TRACE_CRYPTO
if (s->msg_callback) {
@@
-590,6
+591,8
@@
int ssl3_alert_code(int code)
return (TLS1_AD_INAPPROPRIATE_FALLBACK);
case SSL_AD_NO_APPLICATION_PROTOCOL:
return (TLS1_AD_NO_APPLICATION_PROTOCOL);
return (TLS1_AD_INAPPROPRIATE_FALLBACK);
case SSL_AD_NO_APPLICATION_PROTOCOL:
return (TLS1_AD_NO_APPLICATION_PROTOCOL);
+ case SSL_AD_CERTIFICATE_REQUIRED:
+ return SSL_AD_HANDSHAKE_FAILURE;
default:
return (-1);
}
default:
return (-1);
}