diff --git a/src/internal.c b/src/internal.c index ae0556cbc..181b90d9c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7257,30 +7257,31 @@ int SetCipherList(Suites* s, const char* list) ssl->options.haveSessionId = 1; /* DoClientHello uses same resume code */ - while (ssl->options.resuming) { /* let's try */ + if (ssl->options.resuming) { /* let's try */ int ret; CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret); if (!session) { + CYASSL_MSG("Session lookup for resume failed"); ssl->options.resuming = 0; - break; /* session lookup failed */ - } - if (MatchSuite(ssl, &clSuites) < 0) { - CYASSL_MSG("Unsupported cipher suite, OldClientHello"); - return UNSUPPORTED_SUITE; - } + } else { + if (MatchSuite(ssl, &clSuites) < 0) { + CYASSL_MSG("Unsupported cipher suite, OldClientHello"); + return UNSUPPORTED_SUITE; + } - RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN); - #ifndef NO_OLD_TLS - if (ssl->options.tls) + RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN); + #ifndef NO_OLD_TLS + if (ssl->options.tls) + ret = DeriveTlsKeys(ssl); + else + ret = DeriveKeys(ssl); + #else ret = DeriveTlsKeys(ssl); - else - ret = DeriveKeys(ssl); - #else - ret = DeriveTlsKeys(ssl); - #endif - ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; + #endif + ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; - return ret; + return ret; + } } return MatchSuite(ssl, &clSuites); @@ -7429,31 +7430,31 @@ int SetCipherList(Suites* s, const char* list) ssl->options.haveSessionId = 1; /* ProcessOld uses same resume code */ - while (ssl->options.resuming) { /* let's try */ + if (ssl->options.resuming) { /* let's try */ int ret; CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret); if (!session) { - ssl->options.resuming = 0; CYASSL_MSG("Session lookup for resume failed"); - break; /* session lookup failed */ - } - if (MatchSuite(ssl, &clSuites) < 0) { - CYASSL_MSG("Unsupported cipher suite, ClientHello"); - return UNSUPPORTED_SUITE; - } + ssl->options.resuming = 0; + } else { + if (MatchSuite(ssl, &clSuites) < 0) { + CYASSL_MSG("Unsupported cipher suite, ClientHello"); + return UNSUPPORTED_SUITE; + } - RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN); - #ifndef NO_OLD_TLS - if (ssl->options.tls) + RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN); + #ifndef NO_OLD_TLS + if (ssl->options.tls) + ret = DeriveTlsKeys(ssl); + else + ret = DeriveKeys(ssl); + #else ret = DeriveTlsKeys(ssl); - else - ret = DeriveKeys(ssl); - #else - ret = DeriveTlsKeys(ssl); - #endif - ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; + #endif + ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; - return ret; + return ret; + } } return MatchSuite(ssl, &clSuites); } diff --git a/src/sniffer.c b/src/sniffer.c index 5e93aa595..02a64d9f3 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -2275,7 +2275,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, const byte* sslBegin = sslFrame; const byte* tmp; RecordLayerHeader rh; - int rhSize; + int rhSize = 0; int ret; int decoded = 0; /* bytes stored for user in data */ int notEnough; /* notEnough bytes yet flag */