diff options
author | Parménides GV <parmegv@sdf.org> | 2014-06-13 12:13:04 +0200 |
---|---|---|
committer | Parménides GV <parmegv@sdf.org> | 2014-06-13 12:13:04 +0200 |
commit | 3a71bc9e4aa4296f460e2e3c55de74c9852477ad (patch) | |
tree | f816597a7c4322137f0657e7aa2bf392404d1870 /app/openssl/ssl/s3_both.c | |
parent | cfe67bfd8260253ce9288225b9e26f666d27133f (diff) | |
parent | 36247e71df88fa13c6c5a887de3b11d9a883615f (diff) |
Merge branch 'feature/establish-an-upstream-relationship-with-ics-openvpn-codebase-#5381' into develop
Diffstat (limited to 'app/openssl/ssl/s3_both.c')
-rw-r--r-- | app/openssl/ssl/s3_both.c | 46 |
1 files changed, 20 insertions, 26 deletions
diff --git a/app/openssl/ssl/s3_both.c b/app/openssl/ssl/s3_both.c index 508e3902..d9e18a31 100644 --- a/app/openssl/ssl/s3_both.c +++ b/app/openssl/ssl/s3_both.c @@ -161,6 +161,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) i=s->method->ssl3_enc->final_finish_mac(s, sender,slen,s->s3->tmp.finish_md); + if (i == 0) + return 0; s->s3->tmp.finish_md_len = i; memcpy(p, s->s3->tmp.finish_md, i); p+=i; @@ -208,7 +210,11 @@ static void ssl3_take_mac(SSL *s) { const char *sender; int slen; - + /* If no new cipher setup return immediately: other functions will + * set the appropriate error. + */ + if (s->s3->tmp.new_cipher == NULL) + return; if (s->state & SSL_ST_CONNECT) { sender=s->method->ssl3_enc->server_finished_label; @@ -233,7 +239,7 @@ int ssl3_get_finished(SSL *s, int a, int b) #ifdef OPENSSL_NO_NEXTPROTONEG /* the mac has already been generated when we received the - * change cipher spec message and is in s->s3->tmp.peer_finish_md + * change cipher spec message and is in s->s3->tmp.peer_finish_md. */ #endif @@ -265,7 +271,7 @@ int ssl3_get_finished(SSL *s, int a, int b) goto f_err; } - if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) + if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); @@ -555,7 +561,8 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) #endif /* Feed this message into MAC computation. */ - ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); + if (*(unsigned char*)s->init_buf->data != SSL3_MT_ENCRYPTED_EXTENSIONS) + ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg); *ok=1; @@ -756,20 +763,13 @@ int ssl3_setup_read_buffer(SSL *s) if (s->s3->rbuf.buf == NULL) { - if (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS) - { - len = SSL3_RT_DEFAULT_PACKET_SIZE; - } - else + len = SSL3_RT_MAX_PLAIN_LENGTH + + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + + headerlen + align; + if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { - len = SSL3_RT_MAX_PLAIN_LENGTH - + SSL3_RT_MAX_ENCRYPTED_OVERHEAD - + headerlen + align; - if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) - { - s->s3->init_extra = 1; - len += SSL3_RT_MAX_EXTRA; - } + s->s3->init_extra = 1; + len += SSL3_RT_MAX_EXTRA; } #ifndef OPENSSL_NO_COMP if (!(s->options & SSL_OP_NO_COMPRESSION)) @@ -805,15 +805,7 @@ int ssl3_setup_write_buffer(SSL *s) if (s->s3->wbuf.buf == NULL) { - if (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS) - { - len = SSL3_RT_DEFAULT_PACKET_SIZE; - } - else - { - len = s->max_send_fragment; - } - len += 0 + len = s->max_send_fragment + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; #ifndef OPENSSL_NO_COMP @@ -823,6 +815,7 @@ int ssl3_setup_write_buffer(SSL *s) if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; + if ((p=freelist_extract(s->ctx, 0, len)) == NULL) goto err; s->s3->wbuf.buf = p; @@ -865,3 +858,4 @@ int ssl3_release_read_buffer(SSL *s) } return 1; } + |