Resolve conflicts
This commit is contained in:
parent
68872806ec
commit
4fef76e966
@ -465,12 +465,20 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
|
||||
ASN1_TYPE *param, EVP_CIPHER *cipher,
|
||||
EVP_MD *md, int en_de);
|
||||
|
||||
#ifndef NO_RSA
|
||||
#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
|
||||
(char *)(rsa))
|
||||
#endif
|
||||
|
||||
#ifndef NO_DSA
|
||||
#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
|
||||
(char *)(dsa))
|
||||
#endif
|
||||
|
||||
#ifndef NO_DH
|
||||
#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
|
||||
(char *)(dh))
|
||||
#endif
|
||||
|
||||
/* Add some extra combinations */
|
||||
#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
|
||||
@ -614,17 +622,29 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
|
||||
#endif
|
||||
|
||||
EVP_MD *EVP_md_null(void);
|
||||
#ifndef NO_MD2
|
||||
EVP_MD *EVP_md2(void);
|
||||
#endif
|
||||
#ifndef NO_MD4
|
||||
EVP_MD *EVP_md4(void);
|
||||
#endif
|
||||
#ifndef NO_MD5
|
||||
EVP_MD *EVP_md5(void);
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
EVP_MD *EVP_sha(void);
|
||||
EVP_MD *EVP_sha1(void);
|
||||
EVP_MD *EVP_dss(void);
|
||||
EVP_MD *EVP_dss1(void);
|
||||
#endif
|
||||
#ifndef NO_MDC2
|
||||
EVP_MD *EVP_mdc2(void);
|
||||
#endif
|
||||
#ifndef NO_RIPEMD
|
||||
EVP_MD *EVP_ripemd160(void);
|
||||
|
||||
#endif
|
||||
EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
|
||||
#ifndef NO_DES
|
||||
EVP_CIPHER *EVP_des_ecb(void);
|
||||
EVP_CIPHER *EVP_des_ede(void);
|
||||
EVP_CIPHER *EVP_des_ede3(void);
|
||||
@ -638,31 +658,43 @@ EVP_CIPHER *EVP_des_cbc(void);
|
||||
EVP_CIPHER *EVP_des_ede_cbc(void);
|
||||
EVP_CIPHER *EVP_des_ede3_cbc(void);
|
||||
EVP_CIPHER *EVP_desx_cbc(void);
|
||||
#endif
|
||||
#ifndef NO_RC4
|
||||
EVP_CIPHER *EVP_rc4(void);
|
||||
EVP_CIPHER *EVP_rc4_40(void);
|
||||
#endif
|
||||
#ifndef NO_IDEA
|
||||
EVP_CIPHER *EVP_idea_ecb(void);
|
||||
EVP_CIPHER *EVP_idea_cfb(void);
|
||||
EVP_CIPHER *EVP_idea_ofb(void);
|
||||
EVP_CIPHER *EVP_idea_cbc(void);
|
||||
#endif
|
||||
#ifndef NO_RC2
|
||||
EVP_CIPHER *EVP_rc2_ecb(void);
|
||||
EVP_CIPHER *EVP_rc2_cbc(void);
|
||||
EVP_CIPHER *EVP_rc2_40_cbc(void);
|
||||
EVP_CIPHER *EVP_rc2_64_cbc(void);
|
||||
EVP_CIPHER *EVP_rc2_cfb(void);
|
||||
EVP_CIPHER *EVP_rc2_ofb(void);
|
||||
#endif
|
||||
#ifndef NO_BF
|
||||
EVP_CIPHER *EVP_bf_ecb(void);
|
||||
EVP_CIPHER *EVP_bf_cbc(void);
|
||||
EVP_CIPHER *EVP_bf_cfb(void);
|
||||
EVP_CIPHER *EVP_bf_ofb(void);
|
||||
#endif
|
||||
#ifndef NO_CAST
|
||||
EVP_CIPHER *EVP_cast5_ecb(void);
|
||||
EVP_CIPHER *EVP_cast5_cbc(void);
|
||||
EVP_CIPHER *EVP_cast5_cfb(void);
|
||||
EVP_CIPHER *EVP_cast5_ofb(void);
|
||||
#endif
|
||||
#ifndef NO_RC5
|
||||
EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
|
||||
EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
|
||||
EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
|
||||
EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
|
||||
|
||||
#endif
|
||||
void OpenSSL_add_all_algorithms(void);
|
||||
void OpenSSL_add_all_ciphers(void);
|
||||
void OpenSSL_add_all_digests(void);
|
||||
|
@ -40,7 +40,8 @@ all: lib
|
||||
|
||||
lib: $(LIBOBJ)
|
||||
$(AR) $(LIB) $(LIBOBJ)
|
||||
$(RANLIB) $(LIB)
|
||||
@echo You may get an error following this line. Please ignore.
|
||||
- $(RANLIB) $(LIB)
|
||||
@touch lib
|
||||
|
||||
files:
|
||||
|
@ -139,11 +139,28 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from,
|
||||
|
||||
if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
|
||||
{
|
||||
if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
|
||||
if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
|
||||
goto err;
|
||||
BN_MONT_CTX* bn_mont_ctx;
|
||||
if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
|
||||
goto err;
|
||||
if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
|
||||
{
|
||||
BN_MONT_CTX_free(bn_mont_ctx);
|
||||
goto err;
|
||||
}
|
||||
if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
|
||||
{
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
if (rsa->_method_mod_n == NULL)
|
||||
{
|
||||
rsa->_method_mod_n = bn_mont_ctx;
|
||||
bn_mont_ctx = NULL;
|
||||
}
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
|
||||
}
|
||||
if (bn_mont_ctx)
|
||||
BN_MONT_CTX_free(bn_mont_ctx);
|
||||
}
|
||||
|
||||
|
||||
if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
|
||||
rsa->_method_mod_n)) goto err;
|
||||
|
||||
@ -370,11 +387,28 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from,
|
||||
/* do the decrypt */
|
||||
if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
|
||||
{
|
||||
if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
|
||||
if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
|
||||
goto err;
|
||||
BN_MONT_CTX* bn_mont_ctx;
|
||||
if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
|
||||
goto err;
|
||||
if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
|
||||
{
|
||||
BN_MONT_CTX_free(bn_mont_ctx);
|
||||
goto err;
|
||||
}
|
||||
if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
|
||||
{
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
if (rsa->_method_mod_n == NULL)
|
||||
{
|
||||
rsa->_method_mod_n = bn_mont_ctx;
|
||||
bn_mont_ctx = NULL;
|
||||
}
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
|
||||
}
|
||||
if (bn_mont_ctx)
|
||||
BN_MONT_CTX_free(bn_mont_ctx);
|
||||
}
|
||||
|
||||
|
||||
if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
|
||||
rsa->_method_mod_n)) goto err;
|
||||
|
||||
@ -422,20 +456,53 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
|
||||
{
|
||||
if (rsa->_method_mod_p == NULL)
|
||||
{
|
||||
if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL)
|
||||
if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p,
|
||||
ctx))
|
||||
goto err;
|
||||
BN_MONT_CTX* bn_mont_ctx;
|
||||
if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
|
||||
goto err;
|
||||
if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))
|
||||
{
|
||||
BN_MONT_CTX_free(bn_mont_ctx);
|
||||
goto err;
|
||||
}
|
||||
if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
|
||||
{
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
if (rsa->_method_mod_p == NULL)
|
||||
{
|
||||
rsa->_method_mod_p = bn_mont_ctx;
|
||||
bn_mont_ctx = NULL;
|
||||
}
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
|
||||
}
|
||||
if (bn_mont_ctx)
|
||||
BN_MONT_CTX_free(bn_mont_ctx);
|
||||
}
|
||||
|
||||
if (rsa->_method_mod_q == NULL)
|
||||
{
|
||||
if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL)
|
||||
if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q,
|
||||
ctx))
|
||||
goto err;
|
||||
BN_MONT_CTX* bn_mont_ctx;
|
||||
if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
|
||||
goto err;
|
||||
if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
|
||||
{
|
||||
BN_MONT_CTX_free(bn_mont_ctx);
|
||||
goto err;
|
||||
}
|
||||
if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
|
||||
{
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
if (rsa->_method_mod_q == NULL)
|
||||
{
|
||||
rsa->_method_mod_q = bn_mont_ctx;
|
||||
bn_mont_ctx = NULL;
|
||||
}
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
|
||||
}
|
||||
if (bn_mont_ctx)
|
||||
BN_MONT_CTX_free(bn_mont_ctx);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
|
||||
if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
|
||||
rsa->_method_mod_q)) goto err;
|
||||
|
@ -923,6 +923,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
|
||||
goto err;
|
||||
}
|
||||
ERR_clear_error(); /* but we keep s->verify_result */
|
||||
s->session->verify_result = s->verify_result;
|
||||
|
||||
/* server's cert for this session */
|
||||
sc=ssl_sess_cert_new();
|
||||
|
@ -262,7 +262,7 @@ SSL_CIPHER *ssl2_get_cipher(unsigned int u)
|
||||
|
||||
int ssl2_pending(SSL *s)
|
||||
{
|
||||
return(s->s2->ract_data_length);
|
||||
return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
|
||||
}
|
||||
|
||||
int ssl2_new(SSL *s)
|
||||
@ -272,10 +272,16 @@ int ssl2_new(SSL *s)
|
||||
if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
|
||||
memset(s2,0,sizeof *s2);
|
||||
|
||||
#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
|
||||
# error "assertion failed"
|
||||
#endif
|
||||
|
||||
if ((s2->rbuf=OPENSSL_malloc(
|
||||
SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
|
||||
/* wbuf needs one byte more because when using two-byte headers,
|
||||
* we leave the first byte unused in do_ssl_write (s2_pkt.c) */
|
||||
if ((s2->wbuf=OPENSSL_malloc(
|
||||
SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
|
||||
SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
|
||||
s->s2=s2;
|
||||
|
||||
ssl2_clear(s);
|
||||
|
@ -54,6 +54,58 @@
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* $FreeBSD$
|
||||
*/
|
||||
@ -68,23 +120,12 @@ static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
|
||||
static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
|
||||
static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
|
||||
static int ssl_mt_error(int n);
|
||||
int ssl2_peek(SSL *s, char *buf, int len)
|
||||
{
|
||||
int ret;
|
||||
|
||||
ret=ssl2_read(s,buf,len);
|
||||
if (ret > 0)
|
||||
{
|
||||
s->s2->ract_data_length+=ret;
|
||||
s->s2->ract_data-=ret;
|
||||
}
|
||||
return(ret);
|
||||
}
|
||||
|
||||
/* SSL_read -
|
||||
/* SSL 2.0 imlementation for SSL_read/SSL_peek -
|
||||
* This routine will return 0 to len bytes, decrypted etc if required.
|
||||
*/
|
||||
int ssl2_read(SSL *s, void *buf, int len)
|
||||
static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
|
||||
{
|
||||
int n;
|
||||
unsigned char mac[MAX_MAC_SIZE];
|
||||
@ -92,14 +133,14 @@ int ssl2_read(SSL *s, void *buf, int len)
|
||||
int i;
|
||||
unsigned int mac_size=0;
|
||||
|
||||
ssl2_read_again:
|
||||
ssl2_read_again:
|
||||
if (SSL_in_init(s) && !s->in_handshake)
|
||||
{
|
||||
n=s->handshake_func(s);
|
||||
if (n < 0) return(n);
|
||||
if (n == 0)
|
||||
{
|
||||
SSLerr(SSL_F_SSL2_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
|
||||
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);
|
||||
return(-1);
|
||||
}
|
||||
}
|
||||
@ -116,13 +157,22 @@ int ssl2_read(SSL *s, void *buf, int len)
|
||||
n=len;
|
||||
|
||||
memcpy(buf,s->s2->ract_data,(unsigned int)n);
|
||||
s->s2->ract_data_length-=n;
|
||||
s->s2->ract_data+=n;
|
||||
if (s->s2->ract_data_length == 0)
|
||||
s->rstate=SSL_ST_READ_HEADER;
|
||||
if (!peek)
|
||||
{
|
||||
s->s2->ract_data_length-=n;
|
||||
s->s2->ract_data+=n;
|
||||
if (s->s2->ract_data_length == 0)
|
||||
s->rstate=SSL_ST_READ_HEADER;
|
||||
}
|
||||
|
||||
return(n);
|
||||
}
|
||||
|
||||
/* s->s2->ract_data_length == 0
|
||||
*
|
||||
* Fill the buffer, then goto ssl2_read_again.
|
||||
*/
|
||||
|
||||
if (s->rstate == SSL_ST_READ_HEADER)
|
||||
{
|
||||
if (s->first_packet)
|
||||
@ -135,7 +185,7 @@ int ssl2_read(SSL *s, void *buf, int len)
|
||||
(p[2] == SSL2_MT_CLIENT_HELLO) ||
|
||||
(p[2] == SSL2_MT_SERVER_HELLO))))
|
||||
{
|
||||
SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET);
|
||||
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);
|
||||
return(-1);
|
||||
}
|
||||
}
|
||||
@ -213,48 +263,49 @@ int ssl2_read(SSL *s, void *buf, int len)
|
||||
(unsigned int)mac_size) != 0) ||
|
||||
(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
|
||||
{
|
||||
SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE);
|
||||
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
|
||||
return(-1);
|
||||
}
|
||||
}
|
||||
INC32(s->s2->read_sequence); /* expect next number */
|
||||
/* s->s2->ract_data is now available for processing */
|
||||
|
||||
#if 1
|
||||
/* How should we react when a packet containing 0
|
||||
* bytes is received? (Note that SSLeay/OpenSSL itself
|
||||
* never sends such packets; see ssl2_write.)
|
||||
* Returning 0 would be interpreted by the caller as
|
||||
* indicating EOF, so it's not a good idea.
|
||||
* Instead, we just continue reading. Note that using
|
||||
* select() for blocking sockets *never* guarantees
|
||||
/* Possibly the packet that we just read had 0 actual data bytes.
|
||||
* (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)
|
||||
* In this case, returning 0 would be interpreted by the caller
|
||||
* as indicating EOF, so it's not a good idea. Instead, we just
|
||||
* continue reading; thus ssl2_read_internal may have to process
|
||||
* multiple packets before it can return.
|
||||
*
|
||||
* [Note that using select() for blocking sockets *never* guarantees
|
||||
* that the next SSL_read will not block -- the available
|
||||
* data may contain incomplete packets, and except for SSL 2
|
||||
* renegotiation can confuse things even more. */
|
||||
* data may contain incomplete packets, and except for SSL 2,
|
||||
* renegotiation can confuse things even more.] */
|
||||
|
||||
goto ssl2_read_again; /* This should really be
|
||||
* "return ssl2_read(s,buf,len)",
|
||||
* but that would allow for
|
||||
* denial-of-service attacks if a
|
||||
* C compiler is used that does not
|
||||
* recognize end-recursion. */
|
||||
#else
|
||||
/* If a 0 byte packet was sent, return 0, otherwise
|
||||
* we play havoc with people using select with
|
||||
* blocking sockets. Let them handle a packet at a time,
|
||||
* they should really be using non-blocking sockets. */
|
||||
if (s->s2->ract_data_length == 0)
|
||||
return(0);
|
||||
return(ssl2_read(s,buf,len));
|
||||
#endif
|
||||
* "return ssl2_read(s,buf,len)",
|
||||
* but that would allow for
|
||||
* denial-of-service attacks if a
|
||||
* C compiler is used that does not
|
||||
* recognize end-recursion. */
|
||||
}
|
||||
else
|
||||
{
|
||||
SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE);
|
||||
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);
|
||||
return(-1);
|
||||
}
|
||||
}
|
||||
|
||||
int ssl2_read(SSL *s, void *buf, int len)
|
||||
{
|
||||
return ssl2_read_internal(s, buf, len, 0);
|
||||
}
|
||||
|
||||
int ssl2_peek(SSL *s, char *buf, int len)
|
||||
{
|
||||
return ssl2_read_internal(s, buf, len, 1);
|
||||
}
|
||||
|
||||
static int read_n(SSL *s, unsigned int n, unsigned int max,
|
||||
unsigned int extend)
|
||||
{
|
||||
@ -485,6 +536,9 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
|
||||
{
|
||||
bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
|
||||
j=len+mac_size;
|
||||
/* Two-byte headers allow for a larger record length than
|
||||
* three-byte headers, but we can't use them if we need
|
||||
* padding or if we have to set the escape bit. */
|
||||
if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
|
||||
(!s->s2->escape))
|
||||
{
|
||||
@ -500,25 +554,39 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
|
||||
}
|
||||
else if ((bs <= 1) && (!s->s2->escape))
|
||||
{
|
||||
/* len=len; */
|
||||
/* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
|
||||
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
|
||||
s->s2->three_byte_header=0;
|
||||
p=0;
|
||||
}
|
||||
else /* 3 byte header */
|
||||
else /* we may have to use a 3 byte header */
|
||||
{
|
||||
/*len=len; */
|
||||
/* If s->s2->escape is not set, then
|
||||
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
|
||||
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
|
||||
p=(j%bs);
|
||||
p=(p == 0)?0:(bs-p);
|
||||
if (s->s2->escape)
|
||||
{
|
||||
s->s2->three_byte_header=1;
|
||||
if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
|
||||
j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;
|
||||
}
|
||||
else
|
||||
s->s2->three_byte_header=(p == 0)?0:1;
|
||||
}
|
||||
}
|
||||
|
||||
/* Now
|
||||
* j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
|
||||
* holds, and if s->s2->three_byte_header is set, then even
|
||||
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
|
||||
*/
|
||||
|
||||
/* mac_size is the number of MAC bytes
|
||||
* len is the number of data bytes we are going to send
|
||||
* p is the number of padding bytes
|
||||
* if p == 0, it is a 2 byte header */
|
||||
* (if it is a two-byte header, then p == 0) */
|
||||
|
||||
s->s2->wlength=len;
|
||||
s->s2->padding=p;
|
||||
|
Loading…
Reference in New Issue
Block a user