summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_both.c
diff options
context:
space:
mode:
authorjsing <>2014-04-14 16:07:22 +0000
committerjsing <>2014-04-14 16:07:22 +0000
commit3779c39bff8e2ae1adcc6f1324eb388d0bd49a15 (patch)
tree59d0c287f42ab034084280f620d44a0f68d282e7 /src/lib/libssl/s3_both.c
parent0d0163b85ca991957ea599bb646ef136beaef4d0 (diff)
downloadopenbsd-3779c39bff8e2ae1adcc6f1324eb388d0bd49a15.tar.gz
openbsd-3779c39bff8e2ae1adcc6f1324eb388d0bd49a15.tar.bz2
openbsd-3779c39bff8e2ae1adcc6f1324eb388d0bd49a15.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src/lib/libssl/s3_both.c')
-rw-r--r--src/lib/libssl/s3_both.c668
1 files changed, 314 insertions, 354 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 77f825af31..b2fd5c6f80 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -125,82 +125,81 @@
125#include <openssl/x509.h> 125#include <openssl/x509.h>
126 126
127/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ 127/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
128int ssl3_do_write(SSL *s, int type) 128int
129 { 129ssl3_do_write(SSL *s, int type)
130{
130 int ret; 131 int ret;
131 132
132 ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off], 133 ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
133 s->init_num); 134 s->init_num);
134 if (ret < 0) return(-1); 135 if (ret < 0)
136 return (-1);
135 if (type == SSL3_RT_HANDSHAKE) 137 if (type == SSL3_RT_HANDSHAKE)
136 /* should not be done for 'Hello Request's, but in that case 138 /* should not be done for 'Hello Request's, but in that case
137 * we'll ignore the result anyway */ 139 * we'll ignore the result anyway */
138 ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret); 140 ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off], ret);
139 141
140 if (ret == s->init_num) 142 if (ret == s->init_num) {
141 {
142 if (s->msg_callback) 143 if (s->msg_callback)
143 s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg); 144 s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
144 return(1); 145 return (1);
145 }
146 s->init_off+=ret;
147 s->init_num-=ret;
148 return(0);
149 } 146 }
147 s->init_off += ret;
148 s->init_num -= ret;
149 return (0);
150}
150 151
151int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) 152int
152 { 153ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
153 unsigned char *p,*d; 154{
155 unsigned char *p, *d;
154 int i; 156 int i;
155 unsigned long l; 157 unsigned long l;
156 158
157 if (s->state == a) 159 if (s->state == a) {
158 { 160 d = (unsigned char *)s->init_buf->data;
159 d=(unsigned char *)s->init_buf->data; 161 p = &(d[4]);
160 p= &(d[4]);
161 162
162 i=s->method->ssl3_enc->final_finish_mac(s, 163 i = s->method->ssl3_enc->final_finish_mac(s,
163 sender,slen,s->s3->tmp.finish_md); 164 sender, slen, s->s3->tmp.finish_md);
164 if (i == 0) 165 if (i == 0)
165 return 0; 166 return 0;
166 s->s3->tmp.finish_md_len = i; 167 s->s3->tmp.finish_md_len = i;
167 memcpy(p, s->s3->tmp.finish_md, i); 168 memcpy(p, s->s3->tmp.finish_md, i);
168 p+=i; 169 p += i;
169 l=i; 170 l = i;
170 171
171 /* Copy the finished so we can use it for 172 /* Copy the finished so we can use it for
172 renegotiation checks */ 173 renegotiation checks */
173 if(s->type == SSL_ST_CONNECT) 174 if (s->type == SSL_ST_CONNECT) {
174 { 175 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
175 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 176 memcpy(s->s3->previous_client_finished,
176 memcpy(s->s3->previous_client_finished, 177 s->s3->tmp.finish_md, i);
177 s->s3->tmp.finish_md, i); 178 s->s3->previous_client_finished_len = i;
178 s->s3->previous_client_finished_len=i; 179 } else {
179 } 180 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
180 else 181 memcpy(s->s3->previous_server_finished,
181 { 182 s->s3->tmp.finish_md, i);
182 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 183 s->s3->previous_server_finished_len = i;
183 memcpy(s->s3->previous_server_finished,
184 s->s3->tmp.finish_md, i);
185 s->s3->previous_server_finished_len=i;
186 }
187
188 *(d++)=SSL3_MT_FINISHED;
189 l2n3(l,d);
190 s->init_num=(int)l+4;
191 s->init_off=0;
192
193 s->state=b;
194 } 184 }
195 185
196 /* SSL3_ST_SEND_xxxxxx_HELLO_B */ 186 *(d++) = SSL3_MT_FINISHED;
197 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 187 l2n3(l, d);
188 s->init_num = (int)l + 4;
189 s->init_off = 0;
190
191 s->state = b;
198 } 192 }
199 193
194 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
195 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
196}
197
200#ifndef OPENSSL_NO_NEXTPROTONEG 198#ifndef OPENSSL_NO_NEXTPROTONEG
201/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */ 199/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
202static void ssl3_take_mac(SSL *s) 200static void
203 { 201ssl3_take_mac(SSL *s)
202{
204 const char *sender; 203 const char *sender;
205 int slen; 204 int slen;
206 /* If no new cipher setup return immediately: other functions will 205 /* If no new cipher setup return immediately: other functions will
@@ -208,25 +207,23 @@ static void ssl3_take_mac(SSL *s)
208 */ 207 */
209 if (s->s3->tmp.new_cipher == NULL) 208 if (s->s3->tmp.new_cipher == NULL)
210 return; 209 return;
211 if (s->state & SSL_ST_CONNECT) 210 if (s->state & SSL_ST_CONNECT) {
212 { 211 sender = s->method->ssl3_enc->server_finished_label;
213 sender=s->method->ssl3_enc->server_finished_label; 212 slen = s->method->ssl3_enc->server_finished_label_len;
214 slen=s->method->ssl3_enc->server_finished_label_len; 213 } else {
215 } 214 sender = s->method->ssl3_enc->client_finished_label;
216 else 215 slen = s->method->ssl3_enc->client_finished_label_len;
217 { 216 }
218 sender=s->method->ssl3_enc->client_finished_label;
219 slen=s->method->ssl3_enc->client_finished_label_len;
220 }
221 217
222 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, 218 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
223 sender,slen,s->s3->tmp.peer_finish_md); 219 sender, slen, s->s3->tmp.peer_finish_md);
224 } 220}
225#endif 221#endif
226 222
227int ssl3_get_finished(SSL *s, int a, int b) 223int
228 { 224ssl3_get_finished(SSL *s, int a, int b)
229 int al,i,ok; 225{
226 int al, i, ok;
230 long n; 227 long n;
231 unsigned char *p; 228 unsigned char *p;
232 229
@@ -236,64 +233,55 @@ int ssl3_get_finished(SSL *s, int a, int b)
236 */ 233 */
237#endif 234#endif
238 235
239 n=s->method->ssl_get_message(s, 236 n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED,
240 a, 237 64, /* should actually be 36+4 :-) */ &ok);
241 b,
242 SSL3_MT_FINISHED,
243 64, /* should actually be 36+4 :-) */
244 &ok);
245 238
246 if (!ok) return((int)n); 239 if (!ok)
240 return ((int)n);
247 241
248 /* If this occurs, we have missed a message */ 242 /* If this occurs, we have missed a message */
249 if (!s->s3->change_cipher_spec) 243 if (!s->s3->change_cipher_spec) {
250 { 244 al = SSL_AD_UNEXPECTED_MESSAGE;
251 al=SSL_AD_UNEXPECTED_MESSAGE; 245 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
252 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
253 goto f_err; 246 goto f_err;
254 } 247 }
255 s->s3->change_cipher_spec=0; 248 s->s3->change_cipher_spec = 0;
256 249
257 p = (unsigned char *)s->init_msg; 250 p = (unsigned char *)s->init_msg;
258 i = s->s3->tmp.peer_finish_md_len; 251 i = s->s3->tmp.peer_finish_md_len;
259 252
260 if (i != n) 253 if (i != n) {
261 { 254 al = SSL_AD_DECODE_ERROR;
262 al=SSL_AD_DECODE_ERROR; 255 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
263 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
264 goto f_err; 256 goto f_err;
265 } 257 }
266 258
267 if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) 259 if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) {
268 { 260 al = SSL_AD_DECRYPT_ERROR;
269 al=SSL_AD_DECRYPT_ERROR; 261 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
270 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
271 goto f_err; 262 goto f_err;
272 } 263 }
273 264
274 /* Copy the finished so we can use it for 265 /* Copy the finished so we can use it for
275 renegotiation checks */ 266 renegotiation checks */
276 if(s->type == SSL_ST_ACCEPT) 267 if (s->type == SSL_ST_ACCEPT) {
277 { 268 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
278 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 269 memcpy(s->s3->previous_client_finished,
279 memcpy(s->s3->previous_client_finished, 270 s->s3->tmp.peer_finish_md, i);
280 s->s3->tmp.peer_finish_md, i); 271 s->s3->previous_client_finished_len = i;
281 s->s3->previous_client_finished_len=i; 272 } else {
282 } 273 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
283 else 274 memcpy(s->s3->previous_server_finished,
284 { 275 s->s3->tmp.peer_finish_md, i);
285 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 276 s->s3->previous_server_finished_len = i;
286 memcpy(s->s3->previous_server_finished,
287 s->s3->tmp.peer_finish_md, i);
288 s->s3->previous_server_finished_len=i;
289 }
290
291 return(1);
292f_err:
293 ssl3_send_alert(s,SSL3_AL_FATAL,al);
294 return(0);
295 } 277 }
296 278
279 return (1);
280f_err:
281 ssl3_send_alert(s, SSL3_AL_FATAL, al);
282 return (0);
283}
284
297/* for these 2 messages, we need to 285/* for these 2 messages, we need to
298 * ssl->enc_read_ctx re-init 286 * ssl->enc_read_ctx re-init
299 * ssl->s3->read_sequence zero 287 * ssl->s3->read_sequence zero
@@ -302,48 +290,49 @@ f_err:
302 * ssl->session->read_compression assign 290 * ssl->session->read_compression assign
303 * ssl->session->read_hash assign 291 * ssl->session->read_hash assign
304 */ 292 */
305int ssl3_send_change_cipher_spec(SSL *s, int a, int b) 293int
306 { 294ssl3_send_change_cipher_spec(SSL *s, int a, int b)
295{
307 unsigned char *p; 296 unsigned char *p;
308 297
309 if (s->state == a) 298 if (s->state == a) {
310 { 299 p = (unsigned char *)s->init_buf->data;
311 p=(unsigned char *)s->init_buf->data; 300 *p = SSL3_MT_CCS;
312 *p=SSL3_MT_CCS; 301 s->init_num = 1;
313 s->init_num=1; 302 s->init_off = 0;
314 s->init_off=0;
315 303
316 s->state=b; 304 s->state = b;
317 } 305 }
318 306
319 /* SSL3_ST_CW_CHANGE_B */ 307 /* SSL3_ST_CW_CHANGE_B */
320 return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); 308 return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
321 } 309}
322 310
323static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) 311static int
324 { 312ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
313{
325 int n; 314 int n;
326 unsigned char *p; 315 unsigned char *p;
327 316
328 n=i2d_X509(x,NULL); 317 n = i2d_X509(x, NULL);
329 if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) 318 if (!BUF_MEM_grow_clean(buf,(int)(n + (*l) + 3))) {
330 { 319 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
331 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB); 320 return (-1);
332 return(-1);
333 }
334 p=(unsigned char *)&(buf->data[*l]);
335 l2n3(n,p);
336 i2d_X509(x,&p);
337 *l+=n+3;
338
339 return(0);
340 } 321 }
322 p = (unsigned char *)&(buf->data[*l]);
323 l2n3(n, p);
324 i2d_X509(x, &p);
325 *l += n + 3;
341 326
342unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) 327 return (0);
343 { 328}
329
330unsigned long
331ssl3_output_cert_chain(SSL *s, X509 *x)
332{
344 unsigned char *p; 333 unsigned char *p;
345 int i; 334 int i;
346 unsigned long l=7; 335 unsigned long l = 7;
347 BUF_MEM *buf; 336 BUF_MEM *buf;
348 int no_chain; 337 int no_chain;
349 338
@@ -353,111 +342,99 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
353 no_chain = 0; 342 no_chain = 0;
354 343
355 /* TLSv1 sends a chain with nothing in it, instead of an alert */ 344 /* TLSv1 sends a chain with nothing in it, instead of an alert */
356 buf=s->init_buf; 345 buf = s->init_buf;
357 if (!BUF_MEM_grow_clean(buf,10)) 346 if (!BUF_MEM_grow_clean(buf, 10)) {
358 { 347 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
359 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); 348 return (0);
360 return(0); 349 }
361 } 350 if (x != NULL) {
362 if (x != NULL) 351 if (no_chain) {
363 {
364 if (no_chain)
365 {
366 if (ssl3_add_cert_to_buf(buf, &l, x)) 352 if (ssl3_add_cert_to_buf(buf, &l, x))
367 return(0); 353 return (0);
368 } 354 } else {
369 else
370 {
371 X509_STORE_CTX xs_ctx; 355 X509_STORE_CTX xs_ctx;
372 356
373 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) 357 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
374 { 358 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
375 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); 359 return (0);
376 return(0); 360 }
377 }
378 X509_verify_cert(&xs_ctx); 361 X509_verify_cert(&xs_ctx);
379 /* Don't leave errors in the queue */ 362 /* Don't leave errors in the queue */
380 ERR_clear_error(); 363 ERR_clear_error();
381 for (i=0; i < sk_X509_num(xs_ctx.chain); i++) 364 for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
382 {
383 x = sk_X509_value(xs_ctx.chain, i); 365 x = sk_X509_value(xs_ctx.chain, i);
384 366
385 if (ssl3_add_cert_to_buf(buf, &l, x)) 367 if (ssl3_add_cert_to_buf(buf, &l, x)) {
386 {
387 X509_STORE_CTX_cleanup(&xs_ctx); 368 X509_STORE_CTX_cleanup(&xs_ctx);
388 return 0; 369 return 0;
389 }
390 } 370 }
391 X509_STORE_CTX_cleanup(&xs_ctx);
392 } 371 }
372 X509_STORE_CTX_cleanup(&xs_ctx);
393 } 373 }
374 }
394 /* Thawte special :-) */ 375 /* Thawte special :-) */
395 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) 376 for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
396 { 377 x = sk_X509_value(s->ctx->extra_certs, i);
397 x=sk_X509_value(s->ctx->extra_certs,i);
398 if (ssl3_add_cert_to_buf(buf, &l, x)) 378 if (ssl3_add_cert_to_buf(buf, &l, x))
399 return(0); 379 return (0);
400 }
401
402 l-=7;
403 p=(unsigned char *)&(buf->data[4]);
404 l2n3(l,p);
405 l+=3;
406 p=(unsigned char *)&(buf->data[0]);
407 *(p++)=SSL3_MT_CERTIFICATE;
408 l2n3(l,p);
409 l+=4;
410 return(l);
411 } 380 }
412 381
382 l -= 7;
383 p = (unsigned char *)&(buf->data[4]);
384 l2n3(l, p);
385 l += 3;
386 p = (unsigned char *)&(buf->data[0]);
387 *(p++) = SSL3_MT_CERTIFICATE;
388 l2n3(l, p);
389 l += 4;
390 return (l);
391}
392
413/* Obtain handshake message of message type 'mt' (any if mt == -1), 393/* Obtain handshake message of message type 'mt' (any if mt == -1),
414 * maximum acceptable body length 'max'. 394 * maximum acceptable body length 'max'.
415 * The first four bytes (msg_type and length) are read in state 'st1', 395 * The first four bytes (msg_type and length) are read in state 'st1',
416 * the body is read in state 'stn'. 396 * the body is read in state 'stn'.
417 */ 397 */
418long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) 398long
419 { 399ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
400{
420 unsigned char *p; 401 unsigned char *p;
421 unsigned long l; 402 unsigned long l;
422 long n; 403 long n;
423 int i,al; 404 int i, al;
424 405
425 if (s->s3->tmp.reuse_message) 406 if (s->s3->tmp.reuse_message) {
426 { 407 s->s3->tmp.reuse_message = 0;
427 s->s3->tmp.reuse_message=0; 408 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
428 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) 409 al = SSL_AD_UNEXPECTED_MESSAGE;
429 { 410 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
430 al=SSL_AD_UNEXPECTED_MESSAGE;
431 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
432 goto f_err; 411 goto f_err;
433 } 412 }
434 *ok=1; 413 *ok = 1;
435 s->init_msg = s->init_buf->data + 4; 414 s->init_msg = s->init_buf->data + 4;
436 s->init_num = (int)s->s3->tmp.message_size; 415 s->init_num = (int)s->s3->tmp.message_size;
437 return s->init_num; 416 return s->init_num;
438 } 417 }
439 418
440 p=(unsigned char *)s->init_buf->data; 419 p = (unsigned char *)s->init_buf->data;
441 420
442 if (s->state == st1) /* s->init_num < 4 */ 421 if (s->state == st1) /* s->init_num < 4 */
443 { 422 {
444 int skip_message; 423 int skip_message;
445 424
446 do 425 do {
447 { 426 while (s->init_num < 4) {
448 while (s->init_num < 4) 427 i = s->method->ssl_read_bytes(s,
449 { 428 SSL3_RT_HANDSHAKE, &p[s->init_num],
450 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 429 4 - s->init_num, 0);
451 &p[s->init_num],4 - s->init_num, 0); 430 if (i <= 0) {
452 if (i <= 0) 431 s->rwstate = SSL_READING;
453 {
454 s->rwstate=SSL_READING;
455 *ok = 0; 432 *ok = 0;
456 return i; 433 return i;
457 }
458 s->init_num+=i;
459 } 434 }
460 435 s->init_num += i;
436 }
437
461 skip_message = 0; 438 skip_message = 0;
462 if (!s->server) 439 if (!s->server)
463 if (p[0] == SSL3_MT_HELLO_REQUEST) 440 if (p[0] == SSL3_MT_HELLO_REQUEST)
@@ -465,79 +442,72 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
465 * we are doing a handshake anyway now, so ignore them 442 * we are doing a handshake anyway now, so ignore them
466 * if their format is correct. Does not count for 443 * if their format is correct. Does not count for
467 * 'Finished' MAC. */ 444 * 'Finished' MAC. */
468 if (p[1] == 0 && p[2] == 0 &&p[3] == 0) 445 if (p[1] == 0 && p[2] == 0 &&p[3] == 0) {
469 { 446 s->init_num = 0;
470 s->init_num = 0; 447 skip_message = 1;
471 skip_message = 1; 448
472 449 if (s->msg_callback)
473 if (s->msg_callback) 450 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
474 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
475 }
476 } 451 }
452 }
477 while (skip_message); 453 while (skip_message);
478 454
479 /* s->init_num == 4 */ 455 /* s->init_num == 4 */
480 456
481 if ((mt >= 0) && (*p != mt)) 457 if ((mt >= 0) && (*p != mt)) {
482 { 458 al = SSL_AD_UNEXPECTED_MESSAGE;
483 al=SSL_AD_UNEXPECTED_MESSAGE; 459 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
484 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
485 goto f_err; 460 goto f_err;
486 } 461 }
487 if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) && 462 if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
488 (st1 == SSL3_ST_SR_CERT_A) && 463 (st1 == SSL3_ST_SR_CERT_A) && (stn == SSL3_ST_SR_CERT_B)) {
489 (stn == SSL3_ST_SR_CERT_B))
490 {
491 /* At this point we have got an MS SGC second client 464 /* At this point we have got an MS SGC second client
492 * hello (maybe we should always allow the client to 465 * hello (maybe we should always allow the client to
493 * start a new handshake?). We need to restart the mac. 466 * start a new handshake?). We need to restart the mac.
494 * Don't increment {num,total}_renegotiations because 467 * Don't increment {num,total}_renegotiations because
495 * we have not completed the handshake. */ 468 * we have not completed the handshake. */
496 ssl3_init_finished_mac(s); 469 ssl3_init_finished_mac(s);
497 } 470 }
498 471
499 s->s3->tmp.message_type= *(p++); 472 s->s3->tmp.message_type= *(p++);
500 473
501 n2l3(p,l); 474 n2l3(p, l);
502 if (l > (unsigned long)max) 475 if (l > (unsigned long)max) {
503 { 476 al = SSL_AD_ILLEGAL_PARAMETER;
504 al=SSL_AD_ILLEGAL_PARAMETER; 477 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
505 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
506 goto f_err; 478 goto f_err;
507 } 479 }
508 if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */ 480 if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
509 { 481 {
510 al=SSL_AD_ILLEGAL_PARAMETER; 482 al = SSL_AD_ILLEGAL_PARAMETER;
511 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); 483 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
512 goto f_err; 484 goto f_err;
513 } 485 }
514 if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4)) 486 if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l + 4)) {
515 { 487 SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
516 SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
517 goto err; 488 goto err;
518 } 489 }
519 s->s3->tmp.message_size=l; 490 s->s3->tmp.message_size = l;
520 s->state=stn; 491 s->state = stn;
521 492
522 s->init_msg = s->init_buf->data + 4; 493 s->init_msg = s->init_buf->data + 4;
523 s->init_num = 0; 494 s->init_num = 0;
524 } 495 }
525 496
526 /* next state (stn) */ 497 /* next state (stn) */
527 p = s->init_msg; 498 p = s->init_msg;
528 n = s->s3->tmp.message_size - s->init_num; 499 n = s->s3->tmp.message_size - s->init_num;
529 while (n > 0) 500 while (n > 0) {
530 { 501 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
531 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); 502 &p[s->init_num], n, 0);
532 if (i <= 0) 503 if (i <= 0) {
533 { 504 s->rwstate = SSL_READING;
534 s->rwstate=SSL_READING;
535 *ok = 0; 505 *ok = 0;
536 return i; 506 return i;
537 } 507 }
538 s->init_num += i; 508 s->init_num += i;
539 n -= i; 509 n -= i;
540 } 510 }
541 511
542#ifndef OPENSSL_NO_NEXTPROTONEG 512#ifndef OPENSSL_NO_NEXTPROTONEG
543 /* If receiving Finished, record MAC of prior handshake messages for 513 /* If receiving Finished, record MAC of prior handshake messages for
@@ -550,64 +520,60 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
550 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); 520 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
551 if (s->msg_callback) 521 if (s->msg_callback)
552 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg); 522 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
553 *ok=1; 523 *ok = 1;
554 return s->init_num; 524 return s->init_num;
555f_err: 525f_err:
556 ssl3_send_alert(s,SSL3_AL_FATAL,al); 526 ssl3_send_alert(s, SSL3_AL_FATAL, al);
557err: 527err:
558 *ok=0; 528 *ok = 0;
559 return(-1); 529 return (-1);
560 } 530}
561 531
562int ssl_cert_type(X509 *x, EVP_PKEY *pkey) 532int
563 { 533ssl_cert_type(X509 *x, EVP_PKEY *pkey)
534{
564 EVP_PKEY *pk; 535 EVP_PKEY *pk;
565 int ret= -1,i; 536 int ret = -1, i;
566 537
567 if (pkey == NULL) 538 if (pkey == NULL)
568 pk=X509_get_pubkey(x); 539 pk = X509_get_pubkey(x);
569 else 540 else
570 pk=pkey; 541 pk = pkey;
571 if (pk == NULL) goto err; 542 if (pk == NULL)
572 543 goto err;
573 i=pk->type; 544
574 if (i == EVP_PKEY_RSA) 545 i = pk->type;
575 { 546 if (i == EVP_PKEY_RSA) {
576 ret=SSL_PKEY_RSA_ENC; 547 ret = SSL_PKEY_RSA_ENC;
577 } 548 } else if (i == EVP_PKEY_DSA) {
578 else if (i == EVP_PKEY_DSA) 549 ret = SSL_PKEY_DSA_SIGN;
579 { 550 }
580 ret=SSL_PKEY_DSA_SIGN;
581 }
582#ifndef OPENSSL_NO_EC 551#ifndef OPENSSL_NO_EC
583 else if (i == EVP_PKEY_EC) 552 else if (i == EVP_PKEY_EC) {
584 {
585 ret = SSL_PKEY_ECC; 553 ret = SSL_PKEY_ECC;
586 } 554 }
587#endif 555#endif
588 else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) 556 else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) {
589 {
590 ret = SSL_PKEY_GOST94; 557 ret = SSL_PKEY_GOST94;
591 } 558 } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
592 else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc)
593 {
594 ret = SSL_PKEY_GOST01; 559 ret = SSL_PKEY_GOST01;
595 }
596err:
597 if(!pkey) EVP_PKEY_free(pk);
598 return(ret);
599 } 560 }
561err:
562 if (!pkey)
563 EVP_PKEY_free(pk);
564 return (ret);
565}
600 566
601int ssl_verify_alarm_type(long type) 567int
602 { 568ssl_verify_alarm_type(long type)
569{
603 int al; 570 int al;
604 571
605 switch(type) 572 switch (type) {
606 {
607 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 573 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
608 case X509_V_ERR_UNABLE_TO_GET_CRL: 574 case X509_V_ERR_UNABLE_TO_GET_CRL:
609 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: 575 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
610 al=SSL_AD_UNKNOWN_CA; 576 al = SSL_AD_UNKNOWN_CA;
611 break; 577 break;
612 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: 578 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
613 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: 579 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
@@ -620,21 +586,21 @@ int ssl_verify_alarm_type(long type)
620 case X509_V_ERR_CRL_NOT_YET_VALID: 586 case X509_V_ERR_CRL_NOT_YET_VALID:
621 case X509_V_ERR_CERT_UNTRUSTED: 587 case X509_V_ERR_CERT_UNTRUSTED:
622 case X509_V_ERR_CERT_REJECTED: 588 case X509_V_ERR_CERT_REJECTED:
623 al=SSL_AD_BAD_CERTIFICATE; 589 al = SSL_AD_BAD_CERTIFICATE;
624 break; 590 break;
625 case X509_V_ERR_CERT_SIGNATURE_FAILURE: 591 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
626 case X509_V_ERR_CRL_SIGNATURE_FAILURE: 592 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
627 al=SSL_AD_DECRYPT_ERROR; 593 al = SSL_AD_DECRYPT_ERROR;
628 break; 594 break;
629 case X509_V_ERR_CERT_HAS_EXPIRED: 595 case X509_V_ERR_CERT_HAS_EXPIRED:
630 case X509_V_ERR_CRL_HAS_EXPIRED: 596 case X509_V_ERR_CRL_HAS_EXPIRED:
631 al=SSL_AD_CERTIFICATE_EXPIRED; 597 al = SSL_AD_CERTIFICATE_EXPIRED;
632 break; 598 break;
633 case X509_V_ERR_CERT_REVOKED: 599 case X509_V_ERR_CERT_REVOKED:
634 al=SSL_AD_CERTIFICATE_REVOKED; 600 al = SSL_AD_CERTIFICATE_REVOKED;
635 break; 601 break;
636 case X509_V_ERR_OUT_OF_MEM: 602 case X509_V_ERR_OUT_OF_MEM:
637 al=SSL_AD_INTERNAL_ERROR; 603 al = SSL_AD_INTERNAL_ERROR;
638 break; 604 break;
639 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 605 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
640 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: 606 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
@@ -643,20 +609,20 @@ int ssl_verify_alarm_type(long type)
643 case X509_V_ERR_CERT_CHAIN_TOO_LONG: 609 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
644 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 610 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
645 case X509_V_ERR_INVALID_CA: 611 case X509_V_ERR_INVALID_CA:
646 al=SSL_AD_UNKNOWN_CA; 612 al = SSL_AD_UNKNOWN_CA;
647 break; 613 break;
648 case X509_V_ERR_APPLICATION_VERIFICATION: 614 case X509_V_ERR_APPLICATION_VERIFICATION:
649 al=SSL_AD_HANDSHAKE_FAILURE; 615 al = SSL_AD_HANDSHAKE_FAILURE;
650 break; 616 break;
651 case X509_V_ERR_INVALID_PURPOSE: 617 case X509_V_ERR_INVALID_PURPOSE:
652 al=SSL_AD_UNSUPPORTED_CERTIFICATE; 618 al = SSL_AD_UNSUPPORTED_CERTIFICATE;
653 break; 619 break;
654 default: 620 default:
655 al=SSL_AD_CERTIFICATE_UNKNOWN; 621 al = SSL_AD_CERTIFICATE_UNKNOWN;
656 break; 622 break;
657 }
658 return(al);
659 } 623 }
624 return (al);
625}
660 626
661#ifndef OPENSSL_NO_BUF_FREELISTS 627#ifndef OPENSSL_NO_BUF_FREELISTS
662/* On some platforms, malloc() performance is bad enough that you can't just 628/* On some platforms, malloc() performance is bad enough that you can't just
@@ -680,7 +646,7 @@ int ssl_verify_alarm_type(long type)
680 */ 646 */
681static void * 647static void *
682freelist_extract(SSL_CTX *ctx, int for_read, int sz) 648freelist_extract(SSL_CTX *ctx, int for_read, int sz)
683 { 649{
684 SSL3_BUF_FREELIST *list; 650 SSL3_BUF_FREELIST *list;
685 SSL3_BUF_FREELIST_ENTRY *ent = NULL; 651 SSL3_BUF_FREELIST_ENTRY *ent = NULL;
686 void *result = NULL; 652 void *result = NULL;
@@ -689,13 +655,12 @@ freelist_extract(SSL_CTX *ctx, int for_read, int sz)
689 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; 655 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
690 if (list != NULL && sz == (int)list->chunklen) 656 if (list != NULL && sz == (int)list->chunklen)
691 ent = list->head; 657 ent = list->head;
692 if (ent != NULL) 658 if (ent != NULL) {
693 {
694 list->head = ent->next; 659 list->head = ent->next;
695 result = ent; 660 result = ent;
696 if (--list->len == 0) 661 if (--list->len == 0)
697 list->chunklen = 0; 662 list->chunklen = 0;
698 } 663 }
699 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 664 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
700 if (!result) 665 if (!result)
701 result = OPENSSL_malloc(sz); 666 result = OPENSSL_malloc(sz);
@@ -704,80 +669,76 @@ freelist_extract(SSL_CTX *ctx, int for_read, int sz)
704 669
705static void 670static void
706freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem) 671freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
707 { 672{
708 SSL3_BUF_FREELIST *list; 673 SSL3_BUF_FREELIST *list;
709 SSL3_BUF_FREELIST_ENTRY *ent; 674 SSL3_BUF_FREELIST_ENTRY *ent;
710 675
711 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 676 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
712 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; 677 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
713 if (list != NULL && 678 if (list != NULL && (sz == list->chunklen || list->chunklen == 0) &&
714 (sz == list->chunklen || list->chunklen == 0) && 679 list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) {
715 list->len < ctx->freelist_max_len &&
716 sz >= sizeof(*ent))
717 {
718 list->chunklen = sz; 680 list->chunklen = sz;
719 ent = mem; 681 ent = mem;
720 ent->next = list->head; 682 ent->next = list->head;
721 list->head = ent; 683 list->head = ent;
722 ++list->len; 684 ++list->len;
723 mem = NULL; 685 mem = NULL;
724 } 686 }
725 687
726 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 688 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
727 if (mem) 689 if (mem)
728 OPENSSL_free(mem); 690 OPENSSL_free(mem);
729 } 691}
730#else 692#else
731#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz) 693#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
732#define freelist_insert(c,fr,sz,m) OPENSSL_free(m) 694#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
733#endif 695#endif
734 696
735int ssl3_setup_read_buffer(SSL *s) 697int
736 { 698ssl3_setup_read_buffer(SSL *s)
699{
737 unsigned char *p; 700 unsigned char *p;
738 size_t len,align=0,headerlen; 701 size_t len, align = 0, headerlen;
739 702
740 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 703 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
741 headerlen = DTLS1_RT_HEADER_LENGTH; 704 headerlen = DTLS1_RT_HEADER_LENGTH;
742 else 705 else
743 headerlen = SSL3_RT_HEADER_LENGTH; 706 headerlen = SSL3_RT_HEADER_LENGTH;
744 707
745#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 708#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
746 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); 709 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1);
747#endif 710#endif
748 711
749 if (s->s3->rbuf.buf == NULL) 712 if (s->s3->rbuf.buf == NULL) {
750 { 713 len = SSL3_RT_MAX_PLAIN_LENGTH +
751 len = SSL3_RT_MAX_PLAIN_LENGTH 714 SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
752 + SSL3_RT_MAX_ENCRYPTED_OVERHEAD 715 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) {
753 + headerlen + align;
754 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
755 {
756 s->s3->init_extra = 1; 716 s->s3->init_extra = 1;
757 len += SSL3_RT_MAX_EXTRA; 717 len += SSL3_RT_MAX_EXTRA;
758 } 718 }
759#ifndef OPENSSL_NO_COMP 719#ifndef OPENSSL_NO_COMP
760 if (!(s->options & SSL_OP_NO_COMPRESSION)) 720 if (!(s->options & SSL_OP_NO_COMPRESSION))
761 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; 721 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
762#endif 722#endif
763 if ((p=freelist_extract(s->ctx, 1, len)) == NULL) 723 if ((p = freelist_extract(s->ctx, 1, len)) == NULL)
764 goto err; 724 goto err;
765 s->s3->rbuf.buf = p; 725 s->s3->rbuf.buf = p;
766 s->s3->rbuf.len = len; 726 s->s3->rbuf.len = len;
767 } 727 }
768 728
769 s->packet= &(s->s3->rbuf.buf[0]); 729 s->packet = &(s->s3->rbuf.buf[0]);
770 return 1; 730 return 1;
771 731
772err: 732err:
773 SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE); 733 SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE);
774 return 0; 734 return 0;
775 } 735}
776 736
777int ssl3_setup_write_buffer(SSL *s) 737int
778 { 738ssl3_setup_write_buffer(SSL *s)
739{
779 unsigned char *p; 740 unsigned char *p;
780 size_t len,align=0,headerlen; 741 size_t len, align = 0, headerlen;
781 742
782 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 743 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
783 headerlen = DTLS1_RT_HEADER_LENGTH + 1; 744 headerlen = DTLS1_RT_HEADER_LENGTH + 1;
@@ -785,62 +746,61 @@ int ssl3_setup_write_buffer(SSL *s)
785 headerlen = SSL3_RT_HEADER_LENGTH; 746 headerlen = SSL3_RT_HEADER_LENGTH;
786 747
787#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 748#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
788 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); 749 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1);
789#endif 750#endif
790 751
791 if (s->s3->wbuf.buf == NULL) 752 if (s->s3->wbuf.buf == NULL) {
792 { 753 len = s->max_send_fragment +
793 len = s->max_send_fragment 754 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
794 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
795 + headerlen + align;
796#ifndef OPENSSL_NO_COMP 755#ifndef OPENSSL_NO_COMP
797 if (!(s->options & SSL_OP_NO_COMPRESSION)) 756 if (!(s->options & SSL_OP_NO_COMPRESSION))
798 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; 757 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
799#endif 758#endif
800 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) 759 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
801 len += headerlen + align 760 len += headerlen + align +
802 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; 761 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
803 762
804 if ((p=freelist_extract(s->ctx, 0, len)) == NULL) 763 if ((p = freelist_extract(s->ctx, 0, len)) == NULL)
805 goto err; 764 goto err;
806 s->s3->wbuf.buf = p; 765 s->s3->wbuf.buf = p;
807 s->s3->wbuf.len = len; 766 s->s3->wbuf.len = len;
808 } 767 }
809 768
810 return 1; 769 return 1;
811 770
812err: 771err:
813 SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE); 772 SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
814 return 0; 773 return 0;
815 } 774}
816 775
817 776
818int ssl3_setup_buffers(SSL *s) 777int
819 { 778ssl3_setup_buffers(SSL *s)
779{
820 if (!ssl3_setup_read_buffer(s)) 780 if (!ssl3_setup_read_buffer(s))
821 return 0; 781 return 0;
822 if (!ssl3_setup_write_buffer(s)) 782 if (!ssl3_setup_write_buffer(s))
823 return 0; 783 return 0;
824 return 1; 784 return 1;
825 } 785}
826 786
827int ssl3_release_write_buffer(SSL *s) 787int
828 { 788ssl3_release_write_buffer(SSL *s)
829 if (s->s3->wbuf.buf != NULL) 789{
830 { 790 if (s->s3->wbuf.buf != NULL) {
831 freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf); 791 freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
832 s->s3->wbuf.buf = NULL; 792 s->s3->wbuf.buf = NULL;
833 }
834 return 1;
835 } 793 }
794 return 1;
795}
836 796
837int ssl3_release_read_buffer(SSL *s) 797int
838 { 798ssl3_release_read_buffer(SSL *s)
839 if (s->s3->rbuf.buf != NULL) 799{
840 { 800 if (s->s3->rbuf.buf != NULL) {
841 freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf); 801 freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
842 s->s3->rbuf.buf = NULL; 802 s->s3->rbuf.buf = NULL;
843 }
844 return 1;
845 } 803 }
804 return 1;
805}
846 806
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-15 12:14:29 +0000