diff options
| author | Bodo Möller <bodo@openssl.org> | 2000-12-18 11:35:32 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2000-12-18 11:35:32 +0000 |
| commit | 3880cd35ad222b10367435f92ab547dce2629f22 (patch) | |
| tree | 9c8764fbf3be1521697ab79b28623d723ef5f2a7 /ssl | |
| parent | cb38052b3a3e4eda010f5b9893292921493eb890 (diff) | |
Import s2_pkt.c wbuf fixes from OpenSSL_0_9_6-stable branch.
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/s2_lib.c | 8 | ||||
| -rw-r--r-- | ssl/s2_pkt.c | 25 | ||||
| -rw-r--r-- | ssl/ssl2.h | 6 |
3 files changed, 31 insertions, 8 deletions
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index a6f4db36c0..52a2b27963 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -273,10 +273,16 @@ int ssl2_new(SSL *s) if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err; memset(s2,0,sizeof *s2); +#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2 +# error "assertion failed" +#endif + if ((s2->rbuf=OPENSSL_malloc( SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err; + /* wbuf needs one byte more because when using two-byte headers, + * we leave the first byte unused in do_ssl_write (s2_pkt.c) */ if ((s2->wbuf=OPENSSL_malloc( - SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err; + SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err; s->s2=s2; ssl2_clear(s); diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index 6081dd7b47..2866d61fa4 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -541,6 +541,9 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) { bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx); j=len+mac_size; + /* Two-byte headers allow for a larger record length than + * three-byte headers, but we can't use them if we need + * padding or if we have to set the escape bit. */ if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) && (!s->s2->escape)) { @@ -556,25 +559,39 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) } else if ((bs <= 1) && (!s->s2->escape)) { - /* len=len; */ + /* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus + * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */ s->s2->three_byte_header=0; p=0; } - else /* 3 byte header */ + else /* we may have to use a 3 byte header */ { - /*len=len; */ + /* If s->s2->escape is not set, then + * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus + * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */ p=(j%bs); p=(p == 0)?0:(bs-p); if (s->s2->escape) + { s->s2->three_byte_header=1; + if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) + j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER; + } else s->s2->three_byte_header=(p == 0)?0:1; } } + + /* Now + * j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + * holds, and if s->s2->three_byte_header is set, then even + * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER. + */ + /* mac_size is the number of MAC bytes * len is the number of data bytes we are going to send * p is the number of padding bytes - * if p == 0, it is a 2 byte header */ + * (if it is a two-byte header, then p == 0) */ s->s2->wlength=len; s->s2->padding=p; diff --git a/ssl/ssl2.h b/ssl/ssl2.h index df7d03c18f..f8b56afb6b 100644 --- a/ssl/ssl2.h +++ b/ssl/ssl2.h @@ -134,11 +134,11 @@ extern "C" { /* Upper/Lower Bounds */ #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 #ifdef MPE -#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER (unsigned int)29998 +#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u #else -#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER (unsigned int)32767 +#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */ #endif -#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /**/ +#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */ #define SSL2_CHALLENGE_LENGTH 16 /*#define SSL2_CHALLENGE_LENGTH 32 */ |