[PR3597] Advance to the next state variant when reusing messages.

[openssl.git] / ssl / s3_pkt.c

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index dab2bd766fd997abe5698cfbc4622fe57feef0fe..8fedf5a80d7c64e4815dd1706f9cf7c039abaedb 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -574,7 +574,7 @@ printf("\n");
                if (empty_record_count > MAX_EMPTY_RECORDS)
                        {
                        al=SSL_AD_UNEXPECTED_MESSAGE;
-                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_TOO_MANY_EMPTY_FRAGMENTS);
+                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_RECORD_TOO_SMALL);
                        goto f_err;
                        }
                goto again;
@@ -714,7 +714,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
                int packlen;
 
                /* minimize address aliasing conflicts */
-               if ((max_send_fragment&0xffff) == 0)
+               if ((max_send_fragment&0xfff) == 0)
                        max_send_fragment -= 512;
 
                if (tot==0 || wb->buf==NULL)    /* allocate jumbo buffer */
@@ -1118,8 +1118,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                wr->length += eivlen;
                }
 
-       /* ssl3_enc can only have an error on read */
-       s->method->ssl3_enc->enc(s,1);
+       if(s->method->ssl3_enc->enc(s,1)<1) goto err;
 
        if (SSL_USE_ETM(s) && mac_size != 0)
                {
@@ -1793,7 +1792,7 @@ int ssl3_send_alert(SSL *s, int level, int desc)
                desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
        if (desc < 0) return -1;
        /* If a fatal one, remove from cache */
-       if ((level == 2) && (s->session != NULL))
+       if ((level == SSL3_AL_FATAL) && (s->session != NULL))
                SSL_CTX_remove_session(s->ctx,s->session);
 
        s->s3->alert_dispatch=1;