summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_both.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_both.c')
-rw-r--r--src/lib/libssl/s3_both.c668
1 files changed, 314 insertions, 354 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 77f825af31..b2fd5c6f80 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -125,82 +125,81 @@
125#include <openssl/x509.h> 125#include <openssl/x509.h>
126 126
127/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ 127/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
128int ssl3_do_write(SSL *s, int type) 128int
129 { 129ssl3_do_write(SSL *s, int type)
130{
130 int ret; 131 int ret;
131 132
132 ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off], 133 ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
133 s->init_num); 134 s->init_num);
134 if (ret < 0) return(-1); 135 if (ret < 0)
136 return (-1);
135 if (type == SSL3_RT_HANDSHAKE) 137 if (type == SSL3_RT_HANDSHAKE)
136 /* should not be done for 'Hello Request's, but in that case 138 /* should not be done for 'Hello Request's, but in that case
137 * we'll ignore the result anyway */ 139 * we'll ignore the result anyway */
138 ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret); 140 ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off], ret);
139 141
140 if (ret == s->init_num) 142 if (ret == s->init_num) {
141 {
142 if (s->msg_callback) 143 if (s->msg_callback)
143 s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg); 144 s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
144 return(1); 145 return (1);
145 }
146 s->init_off+=ret;
147 s->init_num-=ret;
148 return(0);
149 } 146 }
147 s->init_off += ret;
148 s->init_num -= ret;
149 return (0);
150}
150 151
151int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) 152int
152 { 153ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
153 unsigned char *p,*d; 154{
155 unsigned char *p, *d;
154 int i; 156 int i;
155 unsigned long l; 157 unsigned long l;
156 158
157 if (s->state == a) 159 if (s->state == a) {
158 { 160 d = (unsigned char *)s->init_buf->data;
159 d=(unsigned char *)s->init_buf->data; 161 p = &(d[4]);
160 p= &(d[4]);
161 162
162 i=s->method->ssl3_enc->final_finish_mac(s, 163 i = s->method->ssl3_enc->final_finish_mac(s,
163 sender,slen,s->s3->tmp.finish_md); 164 sender, slen, s->s3->tmp.finish_md);
164 if (i == 0) 165 if (i == 0)
165 return 0; 166 return 0;
166 s->s3->tmp.finish_md_len = i; 167 s->s3->tmp.finish_md_len = i;
167 memcpy(p, s->s3->tmp.finish_md, i); 168 memcpy(p, s->s3->tmp.finish_md, i);
168 p+=i; 169 p += i;
169 l=i; 170 l = i;
170 171
171 /* Copy the finished so we can use it for 172 /* Copy the finished so we can use it for
172 renegotiation checks */ 173 renegotiation checks */
173 if(s->type == SSL_ST_CONNECT) 174 if (s->type == SSL_ST_CONNECT) {
174 { 175 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
175 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 176 memcpy(s->s3->previous_client_finished,
176 memcpy(s->s3->previous_client_finished, 177 s->s3->tmp.finish_md, i);
177 s->s3->tmp.finish_md, i); 178 s->s3->previous_client_finished_len = i;
178 s->s3->previous_client_finished_len=i; 179 } else {
179 } 180 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
180 else 181 memcpy(s->s3->previous_server_finished,
181 { 182 s->s3->tmp.finish_md, i);
182 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 183 s->s3->previous_server_finished_len = i;
183 memcpy(s->s3->previous_server_finished,
184 s->s3->tmp.finish_md, i);
185 s->s3->previous_server_finished_len=i;
186 }
187
188 *(d++)=SSL3_MT_FINISHED;
189 l2n3(l,d);
190 s->init_num=(int)l+4;
191 s->init_off=0;
192
193 s->state=b;
194 } 184 }
195 185
196 /* SSL3_ST_SEND_xxxxxx_HELLO_B */ 186 *(d++) = SSL3_MT_FINISHED;
197 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 187 l2n3(l, d);
188 s->init_num = (int)l + 4;
189 s->init_off = 0;
190
191 s->state = b;
198 } 192 }
199 193
194 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
195 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
196}
197
200#ifndef OPENSSL_NO_NEXTPROTONEG 198#ifndef OPENSSL_NO_NEXTPROTONEG
201/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */ 199/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
202static void ssl3_take_mac(SSL *s) 200static void
203 { 201ssl3_take_mac(SSL *s)
202{
204 const char *sender; 203 const char *sender;
205 int slen; 204 int slen;
206 /* If no new cipher setup return immediately: other functions will 205 /* If no new cipher setup return immediately: other functions will
@@ -208,25 +207,23 @@ static void ssl3_take_mac(SSL *s)
208 */ 207 */
209 if (s->s3->tmp.new_cipher == NULL) 208 if (s->s3->tmp.new_cipher == NULL)
210 return; 209 return;
211 if (s->state & SSL_ST_CONNECT) 210 if (s->state & SSL_ST_CONNECT) {
212 { 211 sender = s->method->ssl3_enc->server_finished_label;
213 sender=s->method->ssl3_enc->server_finished_label; 212 slen = s->method->ssl3_enc->server_finished_label_len;
214 slen=s->method->ssl3_enc->server_finished_label_len; 213 } else {
215 } 214 sender = s->method->ssl3_enc->client_finished_label;
216 else 215 slen = s->method->ssl3_enc->client_finished_label_len;
217 { 216 }
218 sender=s->method->ssl3_enc->client_finished_label;
219 slen=s->method->ssl3_enc->client_finished_label_len;
220 }
221 217
222 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, 218 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
223 sender,slen,s->s3->tmp.peer_finish_md); 219 sender, slen, s->s3->tmp.peer_finish_md);
224 } 220}
225#endif 221#endif
226 222
227int ssl3_get_finished(SSL *s, int a, int b) 223int
228 { 224ssl3_get_finished(SSL *s, int a, int b)
229 int al,i,ok; 225{
226 int al, i, ok;
230 long n; 227 long n;
231 unsigned char *p; 228 unsigned char *p;
232 229
@@ -236,64 +233,55 @@ int ssl3_get_finished(SSL *s, int a, int b)
236 */ 233 */
237#endif 234#endif
238 235
239 n=s->method->ssl_get_message(s, 236 n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED,
240 a, 237 64, /* should actually be 36+4 :-) */ &ok);
241 b,
242 SSL3_MT_FINISHED,
243 64, /* should actually be 36+4 :-) */
244 &ok);
245 238
246 if (!ok) return((int)n); 239 if (!ok)
240 return ((int)n);
247 241
248 /* If this occurs, we have missed a message */ 242 /* If this occurs, we have missed a message */
249 if (!s->s3->change_cipher_spec) 243 if (!s->s3->change_cipher_spec) {
250 { 244 al = SSL_AD_UNEXPECTED_MESSAGE;
251 al=SSL_AD_UNEXPECTED_MESSAGE; 245 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
252 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
253 goto f_err; 246 goto f_err;
254 } 247 }
255 s->s3->change_cipher_spec=0; 248 s->s3->change_cipher_spec = 0;
256 249
257 p = (unsigned char *)s->init_msg; 250 p = (unsigned char *)s->init_msg;
258 i = s->s3->tmp.peer_finish_md_len; 251 i = s->s3->tmp.peer_finish_md_len;
259 252
260 if (i != n) 253 if (i != n) {
261 { 254 al = SSL_AD_DECODE_ERROR;
262 al=SSL_AD_DECODE_ERROR; 255 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
263 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
264 goto f_err; 256 goto f_err;
265 } 257 }
266 258
267 if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) 259 if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) {
268 { 260 al = SSL_AD_DECRYPT_ERROR;
269 al=SSL_AD_DECRYPT_ERROR; 261 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
270 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
271 goto f_err; 262 goto f_err;
272 } 263 }
273 264
274 /* Copy the finished so we can use it for 265 /* Copy the finished so we can use it for
275 renegotiation checks */ 266 renegotiation checks */
276 if(s->type == SSL_ST_ACCEPT) 267 if (s->type == SSL_ST_ACCEPT) {
277 { 268 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
278 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 269 memcpy(s->s3->previous_client_finished,
279 memcpy(s->s3->previous_client_finished, 270 s->s3->tmp.peer_finish_md, i);
280 s->s3->tmp.peer_finish_md, i); 271 s->s3->previous_client_finished_len = i;
281 s->s3->previous_client_finished_len=i; 272 } else {
282 } 273 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
283 else 274 memcpy(s->s3->previous_server_finished,
284 { 275 s->s3->tmp.peer_finish_md, i);
285 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 276 s->s3->previous_server_finished_len = i;
286 memcpy(s->s3->previous_server_finished,
287 s->s3->tmp.peer_finish_md, i);
288 s->s3->previous_server_finished_len=i;
289 }
290
291 return(1);
292f_err:
293 ssl3_send_alert(s,SSL3_AL_FATAL,al);
294 return(0);
295 } 277 }
296 278
279 return (1);
280f_err:
281 ssl3_send_alert(s, SSL3_AL_FATAL, al);
282 return (0);
283}
284
297/* for these 2 messages, we need to 285/* for these 2 messages, we need to
298 * ssl->enc_read_ctx re-init 286 * ssl->enc_read_ctx re-init
299 * ssl->s3->read_sequence zero 287 * ssl->s3->read_sequence zero
@@ -302,48 +290,49 @@ f_err:
302 * ssl->session->read_compression assign 290 * ssl->session->read_compression assign
303 * ssl->session->read_hash assign 291 * ssl->session->read_hash assign
304 */ 292 */
305int ssl3_send_change_cipher_spec(SSL *s, int a, int b) 293int
306 { 294ssl3_send_change_cipher_spec(SSL *s, int a, int b)
295{
307 unsigned char *p; 296 unsigned char *p;
308 297
309 if (s->state == a) 298 if (s->state == a) {
310 { 299 p = (unsigned char *)s->init_buf->data;
311 p=(unsigned char *)s->init_buf->data; 300 *p = SSL3_MT_CCS;
312 *p=SSL3_MT_CCS; 301 s->init_num = 1;
313 s->init_num=1; 302 s->init_off = 0;
314 s->init_off=0;
315 303
316 s->state=b; 304 s->state = b;
317 } 305 }
318 306
319 /* SSL3_ST_CW_CHANGE_B */ 307 /* SSL3_ST_CW_CHANGE_B */
320 return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); 308 return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
321 } 309}
322 310
323static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) 311static int
324 { 312ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
313{
325 int n; 314 int n;
326 unsigned char *p; 315 unsigned char *p;
327 316
328 n=i2d_X509(x,NULL); 317 n = i2d_X509(x, NULL);
329 if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) 318 if (!BUF_MEM_grow_clean(buf,(int)(n + (*l) + 3))) {
330 { 319 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
331 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB); 320 return (-1);
332 return(-1);
333 }
334 p=(unsigned char *)&(buf->data[*l]);
335 l2n3(n,p);
336 i2d_X509(x,&p);
337 *l+=n+3;
338
339 return(0);
340 } 321 }
322 p = (unsigned char *)&(buf->data[*l]);
323 l2n3(n, p);
324 i2d_X509(x, &p);
325 *l += n + 3;
341 326
342unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) 327 return (0);
343 { 328}
329
330unsigned long
331ssl3_output_cert_chain(SSL *s, X509 *x)
332{
344 unsigned char *p; 333 unsigned char *p;
345 int i; 334 int i;
346 unsigned long l=7; 335 unsigned long l = 7;
347 BUF_MEM *buf; 336 BUF_MEM *buf;
348 int no_chain; 337 int no_chain;
349 338
@@ -353,111 +342,99 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
353 no_chain = 0; 342 no_chain = 0;
354 343
355 /* TLSv1 sends a chain with nothing in it, instead of an alert */ 344 /* TLSv1 sends a chain with nothing in it, instead of an alert */
356 buf=s->init_buf; 345 buf = s->init_buf;
357 if (!BUF_MEM_grow_clean(buf,10)) 346 if (!BUF_MEM_grow_clean(buf, 10)) {
358 { 347 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
359 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); 348 return (0);
360 return(0); 349 }
361 } 350 if (x != NULL) {
362 if (x != NULL) 351 if (no_chain) {
363 {
364 if (no_chain)
365 {
366 if (ssl3_add_cert_to_buf(buf, &l, x)) 352 if (ssl3_add_cert_to_buf(buf, &l, x))
367 return(0); 353 return (0);
368 } 354 } else {
369 else
370 {
371 X509_STORE_CTX xs_ctx; 355 X509_STORE_CTX xs_ctx;
372 356
373 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) 357 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
374 { 358 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
375 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); 359 return (0);
376 return(0); 360 }
377 }
378 X509_verify_cert(&xs_ctx); 361 X509_verify_cert(&xs_ctx);
379 /* Don't leave errors in the queue */ 362 /* Don't leave errors in the queue */
380 ERR_clear_error(); 363 ERR_clear_error();
381 for (i=0; i < sk_X509_num(xs_ctx.chain); i++) 364 for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
382 {
383 x = sk_X509_value(xs_ctx.chain, i); 365 x = sk_X509_value(xs_ctx.chain, i);
384 366
385 if (ssl3_add_cert_to_buf(buf, &l, x)) 367 if (ssl3_add_cert_to_buf(buf, &l, x)) {
386 {
387 X509_STORE_CTX_cleanup(&xs_ctx); 368 X509_STORE_CTX_cleanup(&xs_ctx);
388 return 0; 369 return 0;
389 }
390 } 370 }
391 X509_STORE_CTX_cleanup(&xs_ctx);
392 } 371 }
372 X509_STORE_CTX_cleanup(&xs_ctx);
393 } 373 }
374 }
394 /* Thawte special :-) */ 375 /* Thawte special :-) */
395 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) 376 for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
396 { 377 x = sk_X509_value(s->ctx->extra_certs, i);
397 x=sk_X509_value(s->ctx->extra_certs,i);
398 if (ssl3_add_cert_to_buf(buf, &l, x)) 378 if (ssl3_add_cert_to_buf(buf, &l, x))
399 return(0); 379 return (0);
400 }
401
402 l-=7;
403 p=(unsigned char *)&(buf->data[4]);
404 l2n3(l,p);
405 l+=3;
406 p=(unsigned char *)&(buf->data[0]);
407 *(p++)=SSL3_MT_CERTIFICATE;
408 l2n3(l,p);
409 l+=4;
410 return(l);
411 } 380 }
412 381
382 l -= 7;
383 p = (unsigned char *)&(buf->data[4]);
384 l2n3(l, p);
385 l += 3;
386 p = (unsigned char *)&(buf->data[0]);
387 *(p++) = SSL3_MT_CERTIFICATE;
388 l2n3(l, p);
389 l += 4;
390 return (l);
391}
392
413/* Obtain handshake message of message type 'mt' (any if mt == -1), 393/* Obtain handshake message of message type 'mt' (any if mt == -1),
414 * maximum acceptable body length 'max'. 394 * maximum acceptable body length 'max'.
415 * The first four bytes (msg_type and length) are read in state 'st1', 395 * The first four bytes (msg_type and length) are read in state 'st1',
416 * the body is read in state 'stn'. 396 * the body is read in state 'stn'.
417 */ 397 */
418long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) 398long
419 { 399ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
400{
420 unsigned char *p; 401 unsigned char *p;
421 unsigned long l; 402 unsigned long l;
422 long n; 403 long n;
423 int i,al; 404 int i, al;
424 405
425 if (s->s3->tmp.reuse_message) 406 if (s->s3->tmp.reuse_message) {
426 { 407 s->s3->tmp.reuse_message = 0;
427 s->s3->tmp.reuse_message=0; 408 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
428 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) 409 al = SSL_AD_UNEXPECTED_MESSAGE;
429 { 410 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
430 al=SSL_AD_UNEXPECTED_MESSAGE;
431 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
432 goto f_err; 411 goto f_err;
433 } 412 }
434 *ok=1; 413 *ok = 1;
435 s->init_msg = s->init_buf->data + 4; 414 s->init_msg = s->init_buf->data + 4;
436 s->init_num = (int)s->s3->tmp.message_size; 415 s->init_num = (int)s->s3->tmp.message_size;
437 return s->init_num; 416 return s->init_num;
438 } 417 }
439 418
440 p=(unsigned char *)s->init_buf->data; 419 p = (unsigned char *)s->init_buf->data;
441 420
442 if (s->state == st1) /* s->init_num < 4 */ 421 if (s->state == st1) /* s->init_num < 4 */
443 { 422 {
444 int skip_message; 423 int skip_message;
445 424
446 do 425 do {
447 { 426 while (s->init_num < 4) {
448 while (s->init_num < 4) 427 i = s->method->ssl_read_bytes(s,
449 { 428 SSL3_RT_HANDSHAKE, &p[s->init_num],
450 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 429 4 - s->init_num, 0);
451 &p[s->init_num],4 - s->init_num, 0); 430 if (i <= 0) {
452 if (i <= 0) 431 s->rwstate = SSL_READING;
453 {
454 s->rwstate=SSL_READING;
455 *ok = 0; 432 *ok = 0;
456 return i; 433 return i;
457 }
458 s->init_num+=i;
459 } 434 }
460 435 s->init_num += i;
436 }
437
461 skip_message = 0; 438 skip_message = 0;
462 if (!s->server) 439 if (!s->server)
463 if (p[0] == SSL3_MT_HELLO_REQUEST) 440 if (p[0] == SSL3_MT_HELLO_REQUEST)
@@ -465,79 +442,72 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
465 * we are doing a handshake anyway now, so ignore them 442 * we are doing a handshake anyway now, so ignore them
466 * if their format is correct. Does not count for 443 * if their format is correct. Does not count for
467 * 'Finished' MAC. */ 444 * 'Finished' MAC. */
468 if (p[1] == 0 && p[2] == 0 &&p[3] == 0) 445 if (p[1] == 0 && p[2] == 0 &&p[3] == 0) {
469 { 446 s->init_num = 0;
470 s->init_num = 0; 447 skip_message = 1;
471 skip_message = 1; 448
472 449 if (s->msg_callback)
473 if (s->msg_callback) 450 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
474 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
475 }
476 } 451 }
452 }
477 while (skip_message); 453 while (skip_message);
478 454
479 /* s->init_num == 4 */ 455 /* s->init_num == 4 */
480 456
481 if ((mt >= 0) && (*p != mt)) 457 if ((mt >= 0) && (*p != mt)) {
482 { 458 al = SSL_AD_UNEXPECTED_MESSAGE;
483 al=SSL_AD_UNEXPECTED_MESSAGE; 459 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
484 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
485 goto f_err; 460 goto f_err;
486 } 461 }
487 if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) && 462 if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
488 (st1 == SSL3_ST_SR_CERT_A) && 463 (st1 == SSL3_ST_SR_CERT_A) && (stn == SSL3_ST_SR_CERT_B)) {
489 (stn == SSL3_ST_SR_CERT_B))
490 {
491 /* At this point we have got an MS SGC second client 464 /* At this point we have got an MS SGC second client
492 * hello (maybe we should always allow the client to 465 * hello (maybe we should always allow the client to
493 * start a new handshake?). We need to restart the mac. 466 * start a new handshake?). We need to restart the mac.
494 * Don't increment {num,total}_renegotiations because 467 * Don't increment {num,total}_renegotiations because
495 * we have not completed the handshake. */ 468 * we have not completed the handshake. */
496 ssl3_init_finished_mac(s); 469 ssl3_init_finished_mac(s);
497 } 470 }
498 471
499 s->s3->tmp.message_type= *(p++); 472 s->s3->tmp.message_type= *(p++);
500 473
501 n2l3(p,l); 474 n2l3(p, l);
502 if (l > (unsigned long)max) 475 if (l > (unsigned long)max) {
503 { 476 al = SSL_AD_ILLEGAL_PARAMETER;
504 al=SSL_AD_ILLEGAL_PARAMETER; 477 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
505 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
506 goto f_err; 478 goto f_err;
507 } 479 }
508 if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */ 480 if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
509 { 481 {
510 al=SSL_AD_ILLEGAL_PARAMETER; 482 al = SSL_AD_ILLEGAL_PARAMETER;
511 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); 483 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
512 goto f_err; 484 goto f_err;
513 } 485 }
514 if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4)) 486 if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l + 4)) {
515 { 487 SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
516 SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
517 goto err; 488 goto err;
518 } 489 }
519 s->s3->tmp.message_size=l; 490 s->s3->tmp.message_size = l;
520 s->state=stn; 491 s->state = stn;
521 492
522 s->init_msg = s->init_buf->data + 4; 493 s->init_msg = s->init_buf->data + 4;
523 s->init_num = 0; 494 s->init_num = 0;
524 } 495 }
525 496
526 /* next state (stn) */ 497 /* next state (stn) */
527 p = s->init_msg; 498 p = s->init_msg;
528 n = s->s3->tmp.message_size - s->init_num; 499 n = s->s3->tmp.message_size - s->init_num;
529 while (n > 0) 500 while (n > 0) {
530 { 501 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
531 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); 502 &p[s->init_num], n, 0);
532 if (i <= 0) 503 if (i <= 0) {
533 { 504 s->rwstate = SSL_READING;
534 s->rwstate=SSL_READING;
535 *ok = 0; 505 *ok = 0;
536 return i; 506 return i;
537 } 507 }
538 s->init_num += i; 508 s->init_num += i;
539 n -= i; 509 n -= i;
540 } 510 }
541 511
542#ifndef OPENSSL_NO_NEXTPROTONEG 512#ifndef OPENSSL_NO_NEXTPROTONEG
543 /* If receiving Finished, record MAC of prior handshake messages for 513 /* If receiving Finished, record MAC of prior handshake messages for
@@ -550,64 +520,60 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
550 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); 520 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
551 if (s->msg_callback) 521 if (s->msg_callback)
552 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg); 522 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
553 *ok=1; 523 *ok = 1;
554 return s->init_num; 524 return s->init_num;
555f_err: 525f_err:
556 ssl3_send_alert(s,SSL3_AL_FATAL,al); 526 ssl3_send_alert(s, SSL3_AL_FATAL, al);
557err: 527err:
558 *ok=0; 528 *ok = 0;
559 return(-1); 529 return (-1);
560 } 530}
561 531
562int ssl_cert_type(X509 *x, EVP_PKEY *pkey) 532int
563 { 533ssl_cert_type(X509 *x, EVP_PKEY *pkey)
534{
564 EVP_PKEY *pk; 535 EVP_PKEY *pk;
565 int ret= -1,i; 536 int ret = -1, i;
566 537
567 if (pkey == NULL) 538 if (pkey == NULL)
568 pk=X509_get_pubkey(x); 539 pk = X509_get_pubkey(x);
569 else 540 else
570 pk=pkey; 541 pk = pkey;
571 if (pk == NULL) goto err; 542 if (pk == NULL)
572 543 goto err;
573 i=pk->type; 544
574 if (i == EVP_PKEY_RSA) 545 i = pk->type;
575 { 546 if (i == EVP_PKEY_RSA) {
576 ret=SSL_PKEY_RSA_ENC; 547 ret = SSL_PKEY_RSA_ENC;
577 } 548 } else if (i == EVP_PKEY_DSA) {
578 else if (i == EVP_PKEY_DSA) 549 ret = SSL_PKEY_DSA_SIGN;
579 { 550 }
580 ret=SSL_PKEY_DSA_SIGN;
581 }
582#ifndef OPENSSL_NO_EC 551#ifndef OPENSSL_NO_EC
583 else if (i == EVP_PKEY_EC) 552 else if (i == EVP_PKEY_EC) {
584 {
585 ret = SSL_PKEY_ECC; 553 ret = SSL_PKEY_ECC;
586 } 554 }
587#endif 555#endif
588 else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) 556 else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) {
589 {
590 ret = SSL_PKEY_GOST94; 557 ret = SSL_PKEY_GOST94;
591 } 558 } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
592 else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc)
593 {
594 ret = SSL_PKEY_GOST01; 559 ret = SSL_PKEY_GOST01;
595 }
596err:
597 if(!pkey) EVP_PKEY_free(pk);
598 return(ret);
599 } 560 }
561err:
562 if (!pkey)
563 EVP_PKEY_free(pk);
564 return (ret);
565}
600 566
601int ssl_verify_alarm_type(long type) 567int
602 { 568ssl_verify_alarm_type(long type)
569{
603 int al; 570 int al;
604 571
605 switch(type) 572 switch (type) {
606 {
607 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 573 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
608 case X509_V_ERR_UNABLE_TO_GET_CRL: 574 case X509_V_ERR_UNABLE_TO_GET_CRL:
609 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: 575 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
610 al=SSL_AD_UNKNOWN_CA; 576 al = SSL_AD_UNKNOWN_CA;
611 break; 577 break;
612 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: 578 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
613 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: 579 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
@@ -620,21 +586,21 @@ int ssl_verify_alarm_type(long type)
620 case X509_V_ERR_CRL_NOT_YET_VALID: 586 case X509_V_ERR_CRL_NOT_YET_VALID:
621 case X509_V_ERR_CERT_UNTRUSTED: 587 case X509_V_ERR_CERT_UNTRUSTED:
622 case X509_V_ERR_CERT_REJECTED: 588 case X509_V_ERR_CERT_REJECTED:
623 al=SSL_AD_BAD_CERTIFICATE; 589 al = SSL_AD_BAD_CERTIFICATE;
624 break; 590 break;
625 case X509_V_ERR_CERT_SIGNATURE_FAILURE: 591 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
626 case X509_V_ERR_CRL_SIGNATURE_FAILURE: 592 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
627 al=SSL_AD_DECRYPT_ERROR; 593 al = SSL_AD_DECRYPT_ERROR;
628 break; 594 break;
629 case X509_V_ERR_CERT_HAS_EXPIRED: 595 case X509_V_ERR_CERT_HAS_EXPIRED:
630 case X509_V_ERR_CRL_HAS_EXPIRED: 596 case X509_V_ERR_CRL_HAS_EXPIRED:
631 al=SSL_AD_CERTIFICATE_EXPIRED; 597 al = SSL_AD_CERTIFICATE_EXPIRED;
632 break; 598 break;
633 case X509_V_ERR_CERT_REVOKED: 599 case X509_V_ERR_CERT_REVOKED:
634 al=SSL_AD_CERTIFICATE_REVOKED; 600 al = SSL_AD_CERTIFICATE_REVOKED;
635 break; 601 break;
636 case X509_V_ERR_OUT_OF_MEM: 602 case X509_V_ERR_OUT_OF_MEM:
637 al=SSL_AD_INTERNAL_ERROR; 603 al = SSL_AD_INTERNAL_ERROR;
638 break; 604 break;
639 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 605 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
640 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: 606 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
@@ -643,20 +609,20 @@ int ssl_verify_alarm_type(long type)
643 case X509_V_ERR_CERT_CHAIN_TOO_LONG: 609 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
644 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 610 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
645 case X509_V_ERR_INVALID_CA: 611 case X509_V_ERR_INVALID_CA:
646 al=SSL_AD_UNKNOWN_CA; 612 al = SSL_AD_UNKNOWN_CA;
647 break; 613 break;
648 case X509_V_ERR_APPLICATION_VERIFICATION: 614 case X509_V_ERR_APPLICATION_VERIFICATION:
649 al=SSL_AD_HANDSHAKE_FAILURE; 615 al = SSL_AD_HANDSHAKE_FAILURE;
650 break; 616 break;
651 case X509_V_ERR_INVALID_PURPOSE: 617 case X509_V_ERR_INVALID_PURPOSE:
652 al=SSL_AD_UNSUPPORTED_CERTIFICATE; 618 al = SSL_AD_UNSUPPORTED_CERTIFICATE;
653 break; 619 break;
654 default: 620 default:
655 al=SSL_AD_CERTIFICATE_UNKNOWN; 621 al = SSL_AD_CERTIFICATE_UNKNOWN;
656 break; 622 break;
657 }
658 return(al);
659 } 623 }
624 return (al);
625}
660 626
661#ifndef OPENSSL_NO_BUF_FREELISTS 627#ifndef OPENSSL_NO_BUF_FREELISTS
662/* On some platforms, malloc() performance is bad enough that you can't just 628/* On some platforms, malloc() performance is bad enough that you can't just
@@ -680,7 +646,7 @@ int ssl_verify_alarm_type(long type)
680 */ 646 */
681static void * 647static void *
682freelist_extract(SSL_CTX *ctx, int for_read, int sz) 648freelist_extract(SSL_CTX *ctx, int for_read, int sz)
683 { 649{
684 SSL3_BUF_FREELIST *list; 650 SSL3_BUF_FREELIST *list;
685 SSL3_BUF_FREELIST_ENTRY *ent = NULL; 651 SSL3_BUF_FREELIST_ENTRY *ent = NULL;
686 void *result = NULL; 652 void *result = NULL;
@@ -689,13 +655,12 @@ freelist_extract(SSL_CTX *ctx, int for_read, int sz)
689 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; 655 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
690 if (list != NULL && sz == (int)list->chunklen) 656 if (list != NULL && sz == (int)list->chunklen)
691 ent = list->head; 657 ent = list->head;
692 if (ent != NULL) 658 if (ent != NULL) {
693 {
694 list->head = ent->next; 659 list->head = ent->next;
695 result = ent; 660 result = ent;
696 if (--list->len == 0) 661 if (--list->len == 0)
697 list->chunklen = 0; 662 list->chunklen = 0;
698 } 663 }
699 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 664 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
700 if (!result) 665 if (!result)
701 result = OPENSSL_malloc(sz); 666 result = OPENSSL_malloc(sz);
@@ -704,80 +669,76 @@ freelist_extract(SSL_CTX *ctx, int for_read, int sz)
704 669
705static void 670static void
706freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem) 671freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
707 { 672{
708 SSL3_BUF_FREELIST *list; 673 SSL3_BUF_FREELIST *list;
709 SSL3_BUF_FREELIST_ENTRY *ent; 674 SSL3_BUF_FREELIST_ENTRY *ent;
710 675
711 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 676 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
712 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; 677 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
713 if (list != NULL && 678 if (list != NULL && (sz == list->chunklen || list->chunklen == 0) &&
714 (sz == list->chunklen || list->chunklen == 0) && 679 list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) {
715 list->len < ctx->freelist_max_len &&
716 sz >= sizeof(*ent))
717 {
718 list->chunklen = sz; 680 list->chunklen = sz;
719 ent = mem; 681 ent = mem;
720 ent->next = list->head; 682 ent->next = list->head;
721 list->head = ent; 683 list->head = ent;
722 ++list->len; 684 ++list->len;
723 mem = NULL; 685 mem = NULL;
724 } 686 }
725 687
726 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 688 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
727 if (mem) 689 if (mem)
728 OPENSSL_free(mem); 690 OPENSSL_free(mem);
729 } 691}
730#else 692#else
731#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz) 693#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
732#define freelist_insert(c,fr,sz,m) OPENSSL_free(m) 694#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
733#endif 695#endif
734 696
735int ssl3_setup_read_buffer(SSL *s) 697int
736 { 698ssl3_setup_read_buffer(SSL *s)
699{
737 unsigned char *p; 700 unsigned char *p;
738 size_t len,align=0,headerlen; 701 size_t len, align = 0, headerlen;
739 702
740 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 703 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
741 headerlen = DTLS1_RT_HEADER_LENGTH; 704 headerlen = DTLS1_RT_HEADER_LENGTH;
742 else 705 else
743 headerlen = SSL3_RT_HEADER_LENGTH; 706 headerlen = SSL3_RT_HEADER_LENGTH;
744 707
745#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 708#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
746 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); 709 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1);
747#endif 710#endif
748 711
749 if (s->s3->rbuf.buf == NULL) 712 if (s->s3->rbuf.buf == NULL) {
750 { 713 len = SSL3_RT_MAX_PLAIN_LENGTH +
751 len = SSL3_RT_MAX_PLAIN_LENGTH 714 SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
752 + SSL3_RT_MAX_ENCRYPTED_OVERHEAD 715 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) {
753 + headerlen + align;
754 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
755 {
756 s->s3->init_extra = 1; 716 s->s3->init_extra = 1;
757 len += SSL3_RT_MAX_EXTRA; 717 len += SSL3_RT_MAX_EXTRA;
758 } 718 }
759#ifndef OPENSSL_NO_COMP 719#ifndef OPENSSL_NO_COMP
760 if (!(s->options & SSL_OP_NO_COMPRESSION)) 720 if (!(s->options & SSL_OP_NO_COMPRESSION))
761 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; 721 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
762#endif 722#endif
763 if ((p=freelist_extract(s->ctx, 1, len)) == NULL) 723 if ((p = freelist_extract(s->ctx, 1, len)) == NULL)
764 goto err; 724 goto err;
765 s->s3->rbuf.buf = p; 725 s->s3->rbuf.buf = p;
766 s->s3->rbuf.len = len; 726 s->s3->rbuf.len = len;
767 } 727 }
768 728
769 s->packet= &(s->s3->rbuf.buf[0]); 729 s->packet = &(s->s3->rbuf.buf[0]);
770 return 1; 730 return 1;
771 731
772err: 732err:
773 SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE); 733 SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE);
774 return 0; 734 return 0;
775 } 735}
776 736
777int ssl3_setup_write_buffer(SSL *s) 737int
778 { 738ssl3_setup_write_buffer(SSL *s)
739{
779 unsigned char *p; 740 unsigned char *p;
780 size_t len,align=0,headerlen; 741 size_t len, align = 0, headerlen;
781 742
782 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 743 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
783 headerlen = DTLS1_RT_HEADER_LENGTH + 1; 744 headerlen = DTLS1_RT_HEADER_LENGTH + 1;
@@ -785,62 +746,61 @@ int ssl3_setup_write_buffer(SSL *s)
785 headerlen = SSL3_RT_HEADER_LENGTH; 746 headerlen = SSL3_RT_HEADER_LENGTH;
786 747
787#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 748#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
788 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); 749 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1);
789#endif 750#endif
790 751
791 if (s->s3->wbuf.buf == NULL) 752 if (s->s3->wbuf.buf == NULL) {
792 { 753 len = s->max_send_fragment +
793 len = s->max_send_fragment 754 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
794 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
795 + headerlen + align;
796#ifndef OPENSSL_NO_COMP 755#ifndef OPENSSL_NO_COMP
797 if (!(s->options & SSL_OP_NO_COMPRESSION)) 756 if (!(s->options & SSL_OP_NO_COMPRESSION))
798 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; 757 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
799#endif 758#endif
800 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) 759 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
801 len += headerlen + align 760 len += headerlen + align +
802 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; 761 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
803 762
804 if ((p=freelist_extract(s->ctx, 0, len)) == NULL) 763 if ((p = freelist_extract(s->ctx, 0, len)) == NULL)
805 goto err; 764 goto err;
806 s->s3->wbuf.buf = p; 765 s->s3->wbuf.buf = p;
807 s->s3->wbuf.len = len; 766 s->s3->wbuf.len = len;
808 } 767 }
809 768
810 return 1; 769 return 1;
811 770
812err: 771err:
813 SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE); 772 SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
814 return 0; 773 return 0;
815 } 774}
816 775
817 776
818int ssl3_setup_buffers(SSL *s) 777int
819 { 778ssl3_setup_buffers(SSL *s)
779{
820 if (!ssl3_setup_read_buffer(s)) 780 if (!ssl3_setup_read_buffer(s))
821 return 0; 781 return 0;
822 if (!ssl3_setup_write_buffer(s)) 782 if (!ssl3_setup_write_buffer(s))
823 return 0; 783 return 0;
824 return 1; 784 return 1;
825 } 785}
826 786
827int ssl3_release_write_buffer(SSL *s) 787int
828 { 788ssl3_release_write_buffer(SSL *s)
829 if (s->s3->wbuf.buf != NULL) 789{
830 { 790 if (s->s3->wbuf.buf != NULL) {
831 freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf); 791 freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
832 s->s3->wbuf.buf = NULL; 792 s->s3->wbuf.buf = NULL;
833 }
834 return 1;
835 } 793 }
794 return 1;
795}
836 796
837int ssl3_release_read_buffer(SSL *s) 797int
838 { 798ssl3_release_read_buffer(SSL *s)
839 if (s->s3->rbuf.buf != NULL) 799{
840 { 800 if (s->s3->rbuf.buf != NULL) {
841 freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf); 801 freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
842 s->s3->rbuf.buf = NULL; 802 s->s3->rbuf.buf = NULL;
843 }
844 return 1;
845 } 803 }
804 return 1;
805}
846 806
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 19:21:21 +0000