aboutsummaryrefslogtreecommitdiffstats
path: root/ssl/t1_lib.c
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2014-10-15 17:32:57 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2014-10-15 17:32:57 +0000
commit58ab7656b2c140e06d60a7831a9f5b6e1ddc2fe5 (patch)
tree6195ffd39cd3e0b3d6c711f6531b3e7e13b85b44 /ssl/t1_lib.c
parentcb6864802ed26a1031701a6a385961592a5cac25 (diff)
downloadsrc-58ab7656b2c140e06d60a7831a9f5b6e1ddc2fe5.tar.gz
src-58ab7656b2c140e06d60a7831a9f5b6e1ddc2fe5.zip
Import OpenSSL 1.0.1j.vendor/openssl/1.0.1j
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=273138 svn path=/vendor-crypto/openssl/1.0.1j/; revision=273139; tag=vendor/openssl/1.0.1j
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r--ssl/t1_lib.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 022a4fb289e3..d6aff4b682f2 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -643,7 +643,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
#endif
#ifndef OPENSSL_NO_SRTP
- if(SSL_get_srtp_profiles(s))
+ if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s))
{
int el;
@@ -806,7 +806,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
#endif
#ifndef OPENSSL_NO_SRTP
- if(s->srtp_profile)
+ if(SSL_IS_DTLS(s) && s->srtp_profile)
{
int el;
@@ -1444,7 +1444,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
/* session ticket processed earlier */
#ifndef OPENSSL_NO_SRTP
- else if (type == TLSEXT_TYPE_use_srtp)
+ else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
+ && type == TLSEXT_TYPE_use_srtp)
{
if(ssl_parse_clienthello_use_srtp_ext(s, data, size,
al))
@@ -1698,7 +1699,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
}
#endif
#ifndef OPENSSL_NO_SRTP
- else if (type == TLSEXT_TYPE_use_srtp)
+ else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp)
{
if(ssl_parse_serverhello_use_srtp_ext(s, data, size,
al))
@@ -2347,7 +2348,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
HMAC_Final(&hctx, tick_hmac, NULL);
HMAC_CTX_cleanup(&hctx);
if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
+ {
+ EVP_CIPHER_CTX_cleanup(&ctx);
return 2;
+ }
/* Attempt to decrypt session data */
/* Move p after IV to start of encrypted ticket, update length */
p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);