PR: 2505

[oweals/openssl.git] / ssl / s3_pkt.c

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index a1fec62df805e96e7946fa2f816088b413649581..e166a510b97a3bd259b4db7a6328202a15588392 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -741,7 +741,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        plen=p; 
        p+=2;
        /* Explicit IV length, block ciphers and TLS version 1.1 or later */
-       if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
+       if (s->enc_write_ctx && s->version >= TLS1_1_VERSION
+               && EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)
                {
                eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
                if (eivlen <= 1)
@@ -1202,6 +1203,10 @@ start:
                                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
                                goto f_err;
                                }
+#ifdef SSL_AD_MISSING_SRP_USERNAME
+                       if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
+                               return(0);
+#endif
                        }
                else if (alert_level == 2) /* fatal */
                        {
@@ -1314,7 +1319,9 @@ start:
                {
        default:
 #ifndef OPENSSL_NO_TLS
-               /* TLS just ignores unknown message types */
+               /* TLS up to v1.1 just ignores unknown message types:
+                * TLS v1.2 give an unexpected message alert.
+                */
                if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION)
                        {
                        rr->length = 0;