1 files changed, 142 insertions, 22 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index f3f27715d5..03e0c38770 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -55,7 +55,61 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <string.h>
 #include <stdio.h>
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
@@ -64,8 +118,27 @@
 #include <openssl/x509.h>
 #include "ssl_locl.h"
-int ssl3_send_finished(SSL *s, int a, int b, unsigned char *sender,
+/* send s->init_buf in records of type 'type' */
-             int slen)
+int ssl3_do_write(SSL *s, int type)
+        {
+        int ret;
+        ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
+                             s->init_num);
+        if (ret < 0) return(-1);
+        if (type == SSL3_RT_HANDSHAKE)
+                /* should not be done for 'Hello Request's, but in that case
+                 * we'll ignore the result anyway */
+                ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
+        
+        if (ret == s->init_num)
+                return(1);
+        s->init_off+=ret;
+        s->init_num-=ret;
+        return(0);
+        }
+int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
        {
        unsigned char *p,*d;
        int i;
@@ -79,7 +152,9 @@ int ssl3_send_finished(SSL *s, int a, int b, unsigned char *sender,
                i=s->method->ssl3_enc->final_finish_mac(s,
                        &(s->s3->finish_dgst1),
                        &(s->s3->finish_dgst2),
-                        sender,slen,p);
+                        sender,slen,s->s3->tmp.finish_md);
+                s->s3->tmp.finish_md_len = i;
+                memcpy(p, s->s3->tmp.finish_md, i);
                p+=i;
                l=i;
@@ -109,7 +184,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
        unsigned char *p;
        /* the mac has already been generated when we received the
-         * change cipher spec message and is in s->s3->tmp.in_dgst[12]
+         * change cipher spec message and is in s->s3->tmp.peer_finish_md
         */ 
        n=ssl3_get_message(s,
@@ -121,7 +196,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
        if (!ok) return((int)n);
-        /* If this occurs if we has missed a message */
+        /* If this occurs, we have missed a message */
        if (!s->s3->change_cipher_spec)
                {
                al=SSL_AD_UNEXPECTED_MESSAGE;
@@ -130,9 +205,8 @@ int ssl3_get_finished(SSL *s, int a, int b)
                }
        s->s3->change_cipher_spec=0;
-        p=(unsigned char *)s->init_buf->data;
+        p = (unsigned char *)s->init_buf->data;
+        i = s->s3->tmp.peer_finish_md_len;
-        i=s->method->ssl3_enc->finish_mac_length;
        if (i != n)
                {
@@ -141,7 +215,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
                goto f_err;
                }
-        if (memcmp(  p,    (char *)&(s->s3->tmp.finish_md[0]),i) != 0)
+        if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
                {
                al=SSL_AD_DECRYPT_ERROR;
                SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
@@ -255,6 +329,11 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
        return(l);
        }
+/* Obtain handshake message of message type 'mt' (any if mt == -1),
+ * maximum acceptable body length 'max'.
+ * The first four bytes (msg_type and length) are read in state 'st1',
+ * the body is read in state 'stn'.
+ */
 long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
        {
        unsigned char *p;
@@ -277,15 +356,38 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
        p=(unsigned char *)s->init_buf->data;
-        if (s->state == st1)
+        if (s->state == st1) /* s->init_num < 4 */
                {
-                i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
+                int skip_message;
-                                  4-s->init_num);
-                if (i < (4-s->init_num))
+                do
                        {
-                        *ok=0;
+                        while (s->init_num < 4)
-                        return(ssl3_part_read(s,i));
+                                {
+                                i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
+                                        4 - s->init_num);
+                                if (i <= 0)
+                                        {
+                                        s->rwstate=SSL_READING;
+                                        *ok = 0;
+                                        return i;
+                                        }
+                                s->init_num+=i;
+                                }
+                        
+                        skip_message = 0;
+                        if (!s->server)
+                                if (p[0] == SSL3_MT_HELLO_REQUEST)
+                                        /* The server may always send 'Hello Request' messages --
+                                         * we are doing a handshake anyway now, so ignore them
+                                         * if their format is correct. Does not count for
+                                         * 'Finished' MAC. */
+                                        if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
+                                                skip_message = 1;
                        }
+                while (skip_message);
+                /* s->init_num == 4 */
                if ((mt >= 0) && (*p != mt))
                        {
@@ -293,6 +395,20 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
                        goto f_err;
                        }
+                if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
+                                        (st1 == SSL3_ST_SR_CERT_A) &&
+                                        (stn == SSL3_ST_SR_CERT_B))
+                        {
+                        /* At this point we have got an MS SGC second client
+                         * hello (maybe we should always allow the client to
+                         * start a new handshake?). We need to restart the mac.
+                         * Don't increment {num,total}_renegotiations because
+                         * we have not completed the handshake. */
+                        ssl3_init_finished_mac(s);
+                        }
+                ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, 4);
+                        
                s->s3->tmp.message_type= *(p++);
                n2l3(p,l);
@@ -316,17 +432,21 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
        /* next state (stn) */
        p=(unsigned char *)s->init_buf->data;
        n=s->s3->tmp.message_size;
-        if (n > 0)
+        while (n > 0)
                {
                i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n);
-                if (i != (int)n)
+                if (i <= 0)
                        {
-                        *ok=0;
+                        s->rwstate=SSL_READING;
-                        return(ssl3_part_read(s,i));
+                        *ok = 0;
+                        return i;
                        }
+                s->init_num += i;
+                n -= i;
                }
+        ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num);
        *ok=1;
-        return(n);
+        return s->init_num;
 f_err:
        ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
@@ -447,7 +567,7 @@ int ssl3_setup_buffers(SSL *s)
                        extra=SSL3_RT_MAX_EXTRA;
                else
                        extra=0;
-                if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE+extra))
+                if ((p=Malloc(SSL3_RT_MAX_PACKET_SIZE+extra))
                        == NULL)
                        goto err;
                s->s3->rbuf.buf=p;
@@ -455,7 +575,7 @@ int ssl3_setup_buffers(SSL *s)
        if (s->s3->wbuf.buf == NULL)
                {
-                if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE))
+                if ((p=Malloc(SSL3_RT_MAX_PACKET_SIZE))
                        == NULL)
                        goto err;
                s->s3->wbuf.buf=p;

diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index f3f27715d5..03e0c38770 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c
@@ -55,7 +55,61 @@
55	* copied and put under another distribution licence	55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
		58	/* ====================================================================
		59	* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
		60	*
		61	* Redistribution and use in source and binary forms, with or without
		62	* modification, are permitted provided that the following conditions
		63	* are met:
		64	*
		65	* 1. Redistributions of source code must retain the above copyright
		66	* notice, this list of conditions and the following disclaimer.
		67	*
		68	* 2. Redistributions in binary form must reproduce the above copyright
		69	* notice, this list of conditions and the following disclaimer in
		70	* the documentation and/or other materials provided with the
		71	* distribution.
		72	*
		73	* 3. All advertising materials mentioning features or use of this
		74	* software must display the following acknowledgment:
		75	* "This product includes software developed by the OpenSSL Project
		76	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		77	*
		78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		79	* endorse or promote products derived from this software without
		80	* prior written permission. For written permission, please contact
		81	* openssl-core@openssl.org.
		82	*
		83	* 5. Products derived from this software may not be called "OpenSSL"
		84	* nor may "OpenSSL" appear in their names without prior written
		85	* permission of the OpenSSL Project.
		86	*
		87	* 6. Redistributions of any form whatsoever must retain the following
		88	* acknowledgment:
		89	* "This product includes software developed by the OpenSSL Project
		90	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		91	*
		92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		103	* OF THE POSSIBILITY OF SUCH DAMAGE.
		104	* ====================================================================
		105	*
		106	* This product includes cryptographic software written by Eric Young
		107	* (eay@cryptsoft.com). This product includes software written by Tim
		108	* Hudson (tjh@cryptsoft.com).
		109	*
		110	*/
58		111
		112	#include <string.h>
59	#include <stdio.h>	113	#include <stdio.h>
60	#include <openssl/buffer.h>	114	#include <openssl/buffer.h>
61	#include <openssl/rand.h>	115	#include <openssl/rand.h>
@@ -64,8 +118,27 @@
64	#include <openssl/x509.h>	118	#include <openssl/x509.h>
65	#include "ssl_locl.h"	119	#include "ssl_locl.h"
66		120
67	int ssl3_send_finished(SSL s, int a, int b, unsigned char sender,	121	/* send s->init_buf in records of type 'type' */
68	int slen)	122	int ssl3_do_write(SSL *s, int type)
		123	{
		124	int ret;
		125
		126	ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
		127	s->init_num);
		128	if (ret < 0) return(-1);
		129	if (type == SSL3_RT_HANDSHAKE)
		130	/* should not be done for 'Hello Request's, but in that case
		131	* we'll ignore the result anyway */
		132	ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
		133
		134	if (ret == s->init_num)
		135	return(1);
		136	s->init_off+=ret;
		137	s->init_num-=ret;
		138	return(0);
		139	}
		140
		141	int ssl3_send_finished(SSL s, int a, int b, const char sender, int slen)
69	{	142	{
70	unsigned char p,d;	143	unsigned char p,d;
71	int i;	144	int i;
@@ -79,7 +152,9 @@ int ssl3_send_finished(SSL s, int a, int b, unsigned char sender,
79	i=s->method->ssl3_enc->final_finish_mac(s,	152	i=s->method->ssl3_enc->final_finish_mac(s,
80	&(s->s3->finish_dgst1),	153	&(s->s3->finish_dgst1),
81	&(s->s3->finish_dgst2),	154	&(s->s3->finish_dgst2),
82	sender,slen,p);	155	sender,slen,s->s3->tmp.finish_md);
		156	s->s3->tmp.finish_md_len = i;
		157	memcpy(p, s->s3->tmp.finish_md, i);
83	p+=i;	158	p+=i;
84	l=i;	159	l=i;
85		160
@@ -109,7 +184,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
109	unsigned char *p;	184	unsigned char *p;
110		185
111	/* the mac has already been generated when we received the	186	/* the mac has already been generated when we received the
112	* change cipher spec message and is in s->s3->tmp.in_dgst[12]	187	* change cipher spec message and is in s->s3->tmp.peer_finish_md
113	*/	188	*/
114		189
115	n=ssl3_get_message(s,	190	n=ssl3_get_message(s,
@@ -121,7 +196,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
121		196
122	if (!ok) return((int)n);	197	if (!ok) return((int)n);
123		198
124	/* If this occurs if we has missed a message */	199	/* If this occurs, we have missed a message */
125	if (!s->s3->change_cipher_spec)	200	if (!s->s3->change_cipher_spec)
126	{	201	{
127	al=SSL_AD_UNEXPECTED_MESSAGE;	202	al=SSL_AD_UNEXPECTED_MESSAGE;
@@ -130,9 +205,8 @@ int ssl3_get_finished(SSL *s, int a, int b)
130	}	205	}
131	s->s3->change_cipher_spec=0;	206	s->s3->change_cipher_spec=0;
132		207
133	p=(unsigned char *)s->init_buf->data;	208	p = (unsigned char *)s->init_buf->data;
134		209	i = s->s3->tmp.peer_finish_md_len;
135	i=s->method->ssl3_enc->finish_mac_length;
136		210
137	if (i != n)	211	if (i != n)
138	{	212	{
@@ -141,7 +215,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
141	goto f_err;	215	goto f_err;
142	}	216	}
143		217
144	if (memcmp( p, (char *)&(s->s3->tmp.finish_md[0]),i) != 0)	218	if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
145	{	219	{
146	al=SSL_AD_DECRYPT_ERROR;	220	al=SSL_AD_DECRYPT_ERROR;
147	SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);	221	SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
@@ -255,6 +329,11 @@ unsigned long ssl3_output_cert_chain(SSL s, X509 x)
255	return(l);	329	return(l);
256	}	330	}
257		331
		332	/* Obtain handshake message of message type 'mt' (any if mt == -1),
		333	* maximum acceptable body length 'max'.
		334	* The first four bytes (msg_type and length) are read in state 'st1',
		335	* the body is read in state 'stn'.
		336	*/
258	long ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)	337	long ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
259	{	338	{
260	unsigned char *p;	339	unsigned char *p;
@@ -277,15 +356,38 @@ long ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
277		356
278	p=(unsigned char *)s->init_buf->data;	357	p=(unsigned char *)s->init_buf->data;
279		358
280	if (s->state == st1)	359	if (s->state == st1) /* s->init_num < 4 */
281	{	360	{
282	i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],	361	int skip_message;
283	4-s->init_num);	362
284	if (i < (4-s->init_num))	363	do
285	{	364	{
286	*ok=0;	365	while (s->init_num < 4)
287	return(ssl3_part_read(s,i));	366	{
		367	i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
		368	4 - s->init_num);
		369	if (i <= 0)
		370	{
		371	s->rwstate=SSL_READING;
		372	*ok = 0;
		373	return i;
		374	}
		375	s->init_num+=i;
		376	}
		377
		378	skip_message = 0;
		379	if (!s->server)
		380	if (p[0] == SSL3_MT_HELLO_REQUEST)
		381	/* The server may always send 'Hello Request' messages --
		382	* we are doing a handshake anyway now, so ignore them
		383	* if their format is correct. Does not count for
		384	* 'Finished' MAC. */
		385	if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
		386	skip_message = 1;
288	}	387	}
		388	while (skip_message);
		389
		390	/* s->init_num == 4 */
289		391
290	if ((mt >= 0) && (*p != mt))	392	if ((mt >= 0) && (*p != mt))
291	{	393	{
@@ -293,6 +395,20 @@ long ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
293	SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);	395	SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
294	goto f_err;	396	goto f_err;
295	}	397	}
		398	if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
		399	(st1 == SSL3_ST_SR_CERT_A) &&
		400	(stn == SSL3_ST_SR_CERT_B))
		401	{
		402	/* At this point we have got an MS SGC second client
		403	* hello (maybe we should always allow the client to
		404	* start a new handshake?). We need to restart the mac.
		405	* Don't increment {num,total}_renegotiations because
		406	* we have not completed the handshake. */
		407	ssl3_init_finished_mac(s);
		408	}
		409
		410	ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, 4);
		411
296	s->s3->tmp.message_type= *(p++);	412	s->s3->tmp.message_type= *(p++);
297		413
298	n2l3(p,l);	414	n2l3(p,l);
@@ -316,17 +432,21 @@ long ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
316	/* next state (stn) */	432	/* next state (stn) */
317	p=(unsigned char *)s->init_buf->data;	433	p=(unsigned char *)s->init_buf->data;
318	n=s->s3->tmp.message_size;	434	n=s->s3->tmp.message_size;
319	if (n > 0)	435	while (n > 0)
320	{	436	{
321	i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n);	437	i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n);
322	if (i != (int)n)	438	if (i <= 0)
323	{	439	{
324	*ok=0;	440	s->rwstate=SSL_READING;
325	return(ssl3_part_read(s,i));	441	*ok = 0;
		442	return i;
326	}	443	}
		444	s->init_num += i;
		445	n -= i;
327	}	446	}
		447	ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num);
328	*ok=1;	448	*ok=1;
329	return(n);	449	return s->init_num;
330	f_err:	450	f_err:
331	ssl3_send_alert(s,SSL3_AL_FATAL,al);	451	ssl3_send_alert(s,SSL3_AL_FATAL,al);
332	err:	452	err:
@@ -447,7 +567,7 @@ int ssl3_setup_buffers(SSL *s)
447	extra=SSL3_RT_MAX_EXTRA;	567	extra=SSL3_RT_MAX_EXTRA;
448	else	568	else
449	extra=0;	569	extra=0;
450	if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE+extra))	570	if ((p=Malloc(SSL3_RT_MAX_PACKET_SIZE+extra))
451	== NULL)	571	== NULL)
452	goto err;	572	goto err;
453	s->s3->rbuf.buf=p;	573	s->s3->rbuf.buf=p;
@@ -455,7 +575,7 @@ int ssl3_setup_buffers(SSL *s)
455		575
456	if (s->s3->wbuf.buf == NULL)	576	if (s->s3->wbuf.buf == NULL)
457	{	577	{
458	if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE))	578	if ((p=Malloc(SSL3_RT_MAX_PACKET_SIZE))
459	== NULL)	579	== NULL)
460	goto err;	580	goto err;
461	s->s3->wbuf.buf=p;	581	s->s3->wbuf.buf=p;