projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
PR: 2533
[openssl.git]
/
ssl
/
s3_pkt.c
diff --git
a/ssl/s3_pkt.c
b/ssl/s3_pkt.c
index b30c032b74e01c316f145a3ccab4975dde34e7c4..46304766a4e65ab5be06c2e4fd603c53532db9fb 100644
(file)
--- a/
ssl/s3_pkt.c
+++ b/
ssl/s3_pkt.c
@@
-247,7
+247,8
@@
int ssl3_read_n(SSL *s, int n, int max, int extend)
if (i <= 0)
{
rb->left = left;
if (i <= 0)
{
rb->left = left;
- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
+ SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
if (len+left == 0)
ssl3_release_read_buffer(s);
return(i);
if (len+left == 0)
ssl3_release_read_buffer(s);
return(i);
@@
-741,7
+742,8
@@
static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
plen=p;
p+=2;
/* Explicit IV length, block ciphers and TLS version 1.1 or later */
plen=p;
p+=2;
/* Explicit IV length, block ciphers and TLS version 1.1 or later */
- if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
+ if (s->enc_write_ctx && s->version >= TLS1_1_VERSION
+ && EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)
{
eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
if (eivlen <= 1)
{
eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
if (eivlen <= 1)
@@
-865,7
+867,8
@@
int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
{
wb->left=0;
wb->offset+=i;
{
wb->left=0;
wb->offset+=i;
- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
+ SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
ssl3_release_write_buffer(s);
s->rwstate=SSL_NOTHING;
return(s->s3->wpend_ret);
ssl3_release_write_buffer(s);
s->rwstate=SSL_NOTHING;
return(s->s3->wpend_ret);
@@
-1202,6
+1205,10
@@
start:
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
goto f_err;
}
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
goto f_err;
}
+#ifdef SSL_AD_MISSING_SRP_USERNAME
+ if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
+ return(0);
+#endif
}
else if (alert_level == 2) /* fatal */
{
}
else if (alert_level == 2) /* fatal */
{
@@
-1280,6
+1287,7
@@
start:
#else
s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
#endif
#else
s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
#endif
+ s->renegotiate=1;
s->new_session=1;
}
i=s->handshake_func(s);
s->new_session=1;
}
i=s->handshake_func(s);
@@
-1313,7
+1321,9
@@
start:
{
default:
#ifndef OPENSSL_NO_TLS
{
default:
#ifndef OPENSSL_NO_TLS
- /* TLS just ignores unknown message types */
+ /* TLS up to v1.1 just ignores unknown message types:
+ * TLS v1.2 give an unexpected message alert.
+ */
if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION)
{
rr->length = 0;
if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION)
{
rr->length = 0;