Diffstat (limited to 'ssl/record/ssl3_record.c')
-rw-r--r--ssl/record/ssl3_record.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 1867f001179f..3c0b1323a459 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -576,6 +576,7 @@ int ssl3_get_record(SSL *s)
}
}
+ ERR_set_mark();
enc_err = s->method->ssl3_enc->enc(s, rr, num_recs, 0, macbufs, mac_size);
/*-
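Review bot: The return value of `ERR_set_mark()` is dropped at this call, and nothing here records that every exit below must pair it with exactly one `ERR_clear_last_mark()` or `ERR_pop_to_mark()`. The later hunks do that pairing by hand in four places (the statem-in-error exit, the early-data skip, the bad-record-MAC exit and the new `else`), so a `goto end` added between them later would leave a stale mark for an unrelated caller to pop or clear. I would add a comment at this line such as `/* Mark the error stack: each path after enc() must clear or pop this mark exactly once */`. If `ERR_set_mark()` can return 0 without placing a mark, also confirm that the unmatched clear/pop cannot act on a mark owned by an outer caller. The body of ssl3_get_record starts and ends outside the hunk, so other exits are not visible here.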
@@ -587,6 +588,7 @@ int ssl3_get_record(SSL *s)
if (enc_err == 0) {
if (ossl_statem_in_error(s)) {
/* SSLfatal() already got called */
+ ERR_clear_last_mark();
goto end;
}
if (num_recs == 1 && ossl_statem_skip_early_data(s)) {
@@ -595,6 +597,12 @@ int ssl3_get_record(SSL *s)
* it like an empty record.
*/
+ /*
+ * Remove any errors from the stack. Decryption failures are normal
+ * behaviour.
+ */
+ ERR_pop_to_mark();
+
thisrr = &rr[0];
if (!early_data_count_ok(s, thisrr->length,
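Review bot: `ERR_pop_to_mark()` drops every entry queued since the mark, not only the decryption failure the new comment names, so anything else enc() raised without calling SSLfatal() is discarded on this path as well. The comment should say when the failure is expected and what is lost, e.g. `/* We are skipping early data we cannot decrypt, so a failure here is expected: drop everything enc() queued since the mark. */`. With the queue emptied, the `early_data_count_ok()` check just below appears to be the only remaining bound on how many undecryptable records are silently accepted, which is worth stating next to it. The enclosing block continues past the end of the hunk.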
@@ -610,9 +618,12 @@ int ssl3_get_record(SSL *s)
ret = 1;
goto end;
}
+ ERR_clear_last_mark();
SSLfatal(s, SSL_AD_BAD_RECORD_MAC,
SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
goto end;
+ } else {
+ ERR_clear_last_mark();
}
OSSL_TRACE_BEGIN(TLS) {
BIO_printf(trc_out, "dec %lu\n", (unsigned long)rr[0].length);
@@ -964,6 +975,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
EVP_CIPHER_CTX *ds;
size_t reclen[SSL_MAX_PIPELINES];
unsigned char buf[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
+ unsigned char *data[SSL_MAX_PIPELINES];
int i, pad = 0, tmpr;
size_t bs, ctr, padnum, loop;
unsigned char padval;
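Review bot: The declaration of `data` is hoisted to function scope with no comment explaining why, so a later cleanup could move it back into the `if (n_recs > 1)` block it came from. If the reason is that the array's address is handed to the cipher context and read after that block has closed (inferred, as this is not visible in these hunks), say so at the declaration: `/* Must outlive the n_recs > 1 block: the cipher keeps a pointer to this array */`. tls1_enc's body runs well beyond this hunk.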
@@ -1123,8 +1135,6 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
}
}
if (n_recs > 1) {
- unsigned char *data[SSL_MAX_PIPELINES];
-
/* Set the output buffers */
for (ctr = 0; ctr < n_recs; ctr++) {
data[ctr] = recs[ctr].data;