Fixed variable length macs used by gnutls.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@205 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

ssl/test/ssltest.c

@@ -798,13 +798,13 @@ static void do_client(client_t *clnt)
     /* show the session ids in the reconnect test */
     if (strcmp(clnt->testname, "Session Reuse") == 0)
     {
-        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
+        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client -tls1 "
             "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"", 
             g_port, clnt->openssl_option);
     }
     else
     {
-        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
+        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client -tls1 "
 #ifdef WIN32
             "-connect localhost:%d -quiet %s",
 #else

ssl/tls1.c

@@ -698,7 +698,7 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
         hmac_offset = read_len-last_blk_size-ssl->cipher_info->digest_size-1;
 
         /* guard against a timing attack - make sure we do the digest */
-        if (hmac_offset < 0 || last_blk_size > ssl->cipher_info->padding_size)
+        if (hmac_offset < 0)
         {
             hmac_offset = 0;
         }

ssl/tls1_svr.c

@@ -124,9 +124,10 @@ static int process_client_hello(SSL *ssl)
     
     /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
     uint8_t version = (record_buf[1] << 4) + record_buf[2];
+
     if (version > SSL_PROTOCOL_VERSION)
         version = SSL_PROTOCOL_VERSION;
-    else if (ssl->version < SSL_PROTOCOL_MIN_VERSION) 
+    else if (version < SSL_PROTOCOL_MIN_VERSION) 
     {
         ret = SSL_ERROR_INVALID_VERSION;
         ssl_display_error(ret);