if (i <= 0)
{
rb->left = left;
-#ifndef OPENSSL_NO_RELEASE_BUFFERS
- if (len+left == 0 &&
- (s->mode & SSL_MODE_RELEASE_BUFFERS))
- ssl3_release_read_buffer(s);
-#endif
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+ if (len+left == 0)
+ ssl3_release_read_buffer(s);
return(i);
}
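Review bot: The two stacked unbraced `if`s at the release site would bind any later `else` to the inner test, and the surrounding code braces its bodies. A single condition is clearer: `if ((s->mode & SSL_MODE_RELEASE_BUFFERS) && len+left == 0)` followed by the call. With the `#ifndef OPENSSL_NO_RELEASE_BUFFERS` guards removed here and at the write-buffer and read-header sites further down, `ssl3_release_read_buffer()` and `ssl3_release_write_buffer()` must be compiled in every configuration. Their definitions are not visible in this patch, so confirm they are no longer guarded themselves. The enclosing function starts and ends outside the hunk.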
left+=i;
if (!clear)
{
+ /* !clear => s->read_hash != NULL => mac_size != -1 */
mac_size=EVP_MD_CTX_size(s->read_hash);
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
{
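Review bot: The added comment records the invariant that `mac_size` cannot be -1, but nothing enforces it, and `mac_size` feeds the record-length bound on the very next line. Since how `clear` is derived from `s->read_hash` is outside the hunk, an explicit check right after the assignment would be more robust than a comment, for example `OPENSSL_assert(mac_size >= 0);`. That way a future change to how `clear` is computed fails loudly instead of skewing the length check on peer-supplied data.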
wb->left=0;
wb->offset+=i;
-#ifndef OPENSSL_NO_RELEASE_BUFFERS
if (s->mode & SSL_MODE_RELEASE_BUFFERS)
ssl3_release_write_buffer(s);
-#endif
s->rwstate=SSL_NOTHING;
return(s->s3->wpend_ret);
}
- else if (i <= 0)
+ else if (i <= 0) {
+ if (s->version == DTLS1_VERSION) {
+ /* For DTLS, just drop it. That's kind of the wh
+ole
+ point in using a datagram service */
+ wb->left = 0;
+ }
return(i);
+ }
wb->offset+=i;
wb->left-=i;
}
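Review bot: The drop path tests `s->version == DTLS1_VERSION` by exact equality, so a connection using any other DTLS version value the tree defines would fall through to the stream behaviour and keep the failed datagram queued. A test for "is a DTLS method" would be safer than one version constant. The branch also clears `wb->left` for every `i <= 0`, which presumably includes a retryable would-block result, so the record is discarded while the caller is still told to retry. The comment should say so, e.g. `/* DTLS: discard the pending record on any failed write, including retryable ones; retransmission is left to the upper layer */`. Unlike the success path above it, this path does not release the write buffer when `SSL_MODE_RELEASE_BUFFERS` is set. The function begins and ends outside the hunk.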
{
s->rstate=SSL_ST_READ_HEADER;
rr->off=0;
-#ifndef OPENSSL_NO_RELEASE_BUFFERS
- if ((s->mode & SSL_MODE_RELEASE_BUFFERS))
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS)
ssl3_release_read_buffer(s);
-#endif
}
}
return(n);
if (s->s3->tmp.key_block == NULL)
{
+ if (s->session == NULL)
+ {
+ /* might happen if dtls1_read_bytes() calls this */
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+ return (0);
+ }
+
s->session->cipher=s->s3->tmp.new_cipher;
if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
}
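Review bot: The new guard covers `s->session`, but the statement right after it stores `s->s3->tmp.new_cipher` unchecked. A ChangeCipherSpec processed before a cipher was selected would presumably leave that NULL as well, so consider rejecting both in the same test: `if (s->session == NULL || s->s3->tmp.new_cipher == NULL)`. The guard sits only inside the `key_block == NULL` branch, so any later use of `s->session` in this function (outside the hunk) relies on a key block implying a session. The comment would be more useful if it stated the condition rather than the caller, e.g. `/* peer sent CCS before the handshake created a session */`. Callers, not visible here, must treat the 0 return as a fatal handshake error.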