/* decrypt in place in 'rr->input' */
rr->data=rr->input;
- orig_len=rr->length;
enc_err = s->method->ssl3_enc->enc(s,0);
/* enc_err is:
mac_size=EVP_MD_CTX_size(s->read_hash);
OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+ /* kludge: *_cbc_remove_padding passes padding length in rr->type */
+ orig_len = rr->length+((unsigned int)rr->type>>8);
+
/* orig_len is the length of the record before any padding was
* removed. This is public information, as is the MAC in use,
* therefore we can safely process the record in a different
orig_len < mac_size+1))
{
al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
}
}
+ if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
+ {
+ rr->length = 0;
+ goto start;
+ }
+
/* we now have a packet which can be read and processed */
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
!s->s3->renegotiate)
{
+ s->d1->handshake_read_seq++;
s->new_session = 1;
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s))