Always return errors in ssl3_get_client_hello

[openssl.git] / ssl / d1_both.c

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index ee945cbd3a9d70dc71d9ac78ed92c01acb8324ab..f7947bd98817a7b25c728e03ff1dbf1a7831cfe3 100644 (file)
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -272,12 +272,17 @@ int dtls1_do_write(SSL *s, int type)
                        (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
 
        if (s->write_hash)
-               mac_size = EVP_MD_CTX_size(s->write_hash);
+               {
+               if (s->enc_write_ctx && EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_GCM_MODE)
+                       mac_size = 0;
+               else
+                       mac_size = EVP_MD_CTX_size(s->write_hash);
+               }
        else
                mac_size = 0;
 
        if (s->enc_write_ctx && 
-               (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
+               (EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE))
                blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
        else
                blocksize = 0;
@@ -1037,7 +1042,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
        if ( is_ccs)
                {
                OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 
-                              ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num);
+                              DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
                }
        else
                {