Diffstat (limited to 'src/lib/libssl/s3_pkt.c')
-rw-r--r--src/lib/libssl/s3_pkt.c49
1 files changed, 24 insertions, 25 deletions
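diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 44c7c143fe..cb0b12b400 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -118,9 +118,15 @@
 
 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
  unsigned int len, int create_empty_fragment);
+static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+ unsigned int len);
 static int ssl3_get_record(SSL *s);
+static int do_compress(SSL *ssl);
+static int do_uncompress(SSL *ssl);
+static int do_change_cipher_spec(SSL *ssl);
 
-int ssl3_read_n(SSL *s, int n, int max, int extend)
+/* used only by ssl3_get_record */
+static int ssl3_read_n(SSL *s, int n, int max, int extend)
  {
  /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
  * packet by another n bytes.
@@ -141,14 +147,6 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
  /* ... now we can act as if 'extend' was set */
  }
 
- /* extend reads should not span multiple packets for DTLS */
- if ( SSL_version(s) == DTLS1_VERSION &&
- extend)
- {
- if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
- n = s->s3->rbuf.left;
- }
-
  /* if there is enough in the buffer from a previous read, take some */
  if (s->s3->rbuf.left >= (int)n)
  {
@@ -277,7 +275,11 @@ again:
  n2s(p,rr->length);
 
  /* Lets check version */
- if (!s->first_packet)
+ if (s->first_packet)
+ {
+ s->first_packet=0;
+ }
+ else
  {
  if (version != s->version)
  {
@@ -432,7 +434,7 @@ printf("\n");
  SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
  goto f_err;
  }
- if (!ssl3_do_uncompress(s))
+ if (!do_uncompress(s))
  {
  al=SSL_AD_DECOMPRESSION_FAILURE;
  SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
@@ -470,9 +472,8 @@ err:
  return(ret);
  }
 
-int ssl3_do_uncompress(SSL *ssl)
+static int do_uncompress(SSL *ssl)
  {
-#ifndef OPENSSL_NO_COMP
  int i;
  SSL3_RECORD *rr;
 
@@ -484,13 +485,12 @@ int ssl3_do_uncompress(SSL *ssl)
  else
  rr->length=i;
  rr->data=rr->comp;
-#endif
+
  return(1);
  }
 
-int ssl3_do_compress(SSL *ssl)
+static int do_compress(SSL *ssl)
  {
-#ifndef OPENSSL_NO_COMP
  int i;
  SSL3_RECORD *wr;
 
@@ -504,7 +504,6 @@ int ssl3_do_compress(SSL *ssl)
  wr->length=i;
 
  wr->input=wr->data;
-#endif
  return(1);
  }
 
@@ -581,7 +580,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
  /* If we have an alert to send, lets send it */
  if (s->s3->alert_dispatch)
  {
- i=s->method->ssl_dispatch_alert(s);
+ i=ssl3_dispatch_alert(s);
  if (i <= 0)
  return(i);
  /* if it went, fall through and send more stuff */
@@ -656,7 +655,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
  /* first we compress */
  if (s->compress != NULL)
  {
- if (!ssl3_do_compress(s))
+ if (!do_compress(s))
  {
  SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
  goto err;
@@ -717,8 +716,8 @@ err:
  }
 
 /* if s->s3->wbuf.left != 0, we need to call this */
-int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
- unsigned int len)
+static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+ unsigned int len)
  {
  int i;
 
@@ -1090,7 +1089,7 @@ start:
  if (s->s3->tmp.new_cipher == NULL)
  {
  al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
  goto f_err;
  }
 
@@ -1100,7 +1099,7 @@ start:
  s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
 
  s->s3->change_cipher_spec=1;
- if (!ssl3_do_change_cipher_spec(s))
+ if (!do_change_cipher_spec(s))
  goto err;
  else
  goto start;
@@ -1212,7 +1211,7 @@ err:
  return(-1);
  }
 
-int ssl3_do_change_cipher_spec(SSL *s)
+static int do_change_cipher_spec(SSL *s)
  {
  int i;
  const char *sender;
@@ -1269,7 +1268,7 @@ void ssl3_send_alert(SSL *s, int level, int desc)
  s->s3->send_alert[0]=level;
  s->s3->send_alert[1]=desc;
  if (s->s3->wbuf.left == 0) /* data still being written out? */
- s->method->ssl_dispatch_alert(s);
+ ssl3_dispatch_alert(s);
  /* else data is still being written out, we will get written
  * some time in the future */
  }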
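Review bot: In the `start:` hunk that rejects an early ChangeCipherSpec, the new line records the error under `SSL_F_SSL3_GET_CERT_VERIFY`, although the line it replaces used `SSL_F_SSL3_READ_BYTES` and the code appears to sit in the record-read path rather than in certificate-verify handling. An out-of-order ChangeCipherSpec is a handshake anomaly that operators triage from the error queue, so a wrong function code points that investigation at the wrong routine. Unless this file is meant to match an upstream revision byte for byte, keep `SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);`. The enclosing function starts and ends outside the hunk, so its name is inferred from the removed line.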