OLD | NEW |
1 /* ssl/s3_both.c */ | 1 /* ssl/s3_both.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
153 unsigned char *p,*d; | 153 unsigned char *p,*d; |
154 int i; | 154 int i; |
155 unsigned long l; | 155 unsigned long l; |
156 | 156 |
157 if (s->state == a) | 157 if (s->state == a) |
158 { | 158 { |
159 d=(unsigned char *)s->init_buf->data; | 159 d=(unsigned char *)s->init_buf->data; |
160 p= &(d[4]); | 160 p= &(d[4]); |
161 | 161 |
162 i=s->method->ssl3_enc->final_finish_mac(s, | 162 i=s->method->ssl3_enc->final_finish_mac(s, |
163 &(s->s3->finish_dgst1), | |
164 &(s->s3->finish_dgst2), | |
165 sender,slen,s->s3->tmp.finish_md); | 163 sender,slen,s->s3->tmp.finish_md); |
166 s->s3->tmp.finish_md_len = i; | 164 s->s3->tmp.finish_md_len = i; |
167 memcpy(p, s->s3->tmp.finish_md, i); | 165 memcpy(p, s->s3->tmp.finish_md, i); |
168 p+=i; | 166 p+=i; |
169 l=i; | 167 l=i; |
170 | 168 |
171 /* Copy the finished so we can use it for | 169 /* Copy the finished so we can use it for |
172 renegotiation checks */ | 170 renegotiation checks */ |
173 if(s->type == SSL_ST_CONNECT) | 171 if(s->type == SSL_ST_CONNECT) |
174 { | 172 { |
(...skipping 22 matching lines...) Expand all Loading... |
197 s->init_num=(int)l+4; | 195 s->init_num=(int)l+4; |
198 s->init_off=0; | 196 s->init_off=0; |
199 | 197 |
200 s->state=b; | 198 s->state=b; |
201 } | 199 } |
202 | 200 |
203 /* SSL3_ST_SEND_xxxxxx_HELLO_B */ | 201 /* SSL3_ST_SEND_xxxxxx_HELLO_B */ |
204 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 202 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
205 } | 203 } |
206 | 204 |
| 205 #ifndef OPENSSL_NO_NEXTPROTONEG |
207 /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to
far. */ | 206 /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to
far. */ |
208 void ssl3_take_mac(SSL *s) { | 207 static void ssl3_take_mac(SSL *s) |
| 208 » { |
209 const char *sender; | 209 const char *sender; |
210 int slen; | 210 int slen; |
211 | 211 |
212 if (s->state & SSL_ST_CONNECT) | 212 if (s->state & SSL_ST_CONNECT) |
213 { | 213 { |
214 sender=s->method->ssl3_enc->server_finished_label; | 214 sender=s->method->ssl3_enc->server_finished_label; |
215 slen=s->method->ssl3_enc->server_finished_label_len; | 215 slen=s->method->ssl3_enc->server_finished_label_len; |
216 } | 216 } |
217 else | 217 else |
218 { | 218 { |
219 sender=s->method->ssl3_enc->client_finished_label; | 219 sender=s->method->ssl3_enc->client_finished_label; |
220 slen=s->method->ssl3_enc->client_finished_label_len; | 220 slen=s->method->ssl3_enc->client_finished_label_len; |
221 } | 221 } |
222 | 222 |
223 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, | 223 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, |
224 &(s->s3->finish_dgst1), | |
225 &(s->s3->finish_dgst2), | |
226 sender,slen,s->s3->tmp.peer_finish_md); | 224 sender,slen,s->s3->tmp.peer_finish_md); |
227 } | 225 » } |
| 226 #endif |
228 | 227 |
229 int ssl3_get_finished(SSL *s, int a, int b) | 228 int ssl3_get_finished(SSL *s, int a, int b) |
230 { | 229 { |
231 int al,i,ok; | 230 int al,i,ok; |
232 long n; | 231 long n; |
233 unsigned char *p; | 232 unsigned char *p; |
234 | 233 |
| 234 #ifdef OPENSSL_NO_NEXTPROTONEG |
| 235 /* the mac has already been generated when we received the |
| 236 * change cipher spec message and is in s->s3->tmp.peer_finish_md |
| 237 */ |
| 238 #endif |
| 239 |
235 n=s->method->ssl_get_message(s, | 240 n=s->method->ssl_get_message(s, |
236 a, | 241 a, |
237 b, | 242 b, |
238 SSL3_MT_FINISHED, | 243 SSL3_MT_FINISHED, |
239 64, /* should actually be 36+4 :-) */ | 244 64, /* should actually be 36+4 :-) */ |
240 &ok); | 245 &ok); |
241 | 246 |
242 if (!ok) return((int)n); | 247 if (!ok) return((int)n); |
243 | 248 |
244 /* If this occurs, we have missed a message */ | 249 /* If this occurs, we have missed a message */ |
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
311 | 316 |
312 s->state=b; | 317 s->state=b; |
313 } | 318 } |
314 | 319 |
315 /* SSL3_ST_CW_CHANGE_B */ | 320 /* SSL3_ST_CW_CHANGE_B */ |
316 return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); | 321 return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); |
317 } | 322 } |
318 | 323 |
319 static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) | 324 static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) |
320 { | 325 { |
321 » » int n; | 326 » int n; |
322 » » unsigned char *p; | 327 » unsigned char *p; |
323 | 328 |
324 » » n=i2d_X509(x,NULL); | 329 » n=i2d_X509(x,NULL); |
325 » » if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) | 330 » if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) |
326 » » » { | 331 » » { |
327 » » » » SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB)
; | 332 » » SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB); |
328 » » » » return(-1); | 333 » » return(-1); |
329 » » » } | 334 » » } |
330 » » p=(unsigned char *)&(buf->data[*l]); | 335 » p=(unsigned char *)&(buf->data[*l]); |
331 » » l2n3(n,p); | 336 » l2n3(n,p); |
332 » » i2d_X509(x,&p); | 337 » i2d_X509(x,&p); |
333 » » *l+=n+3; | 338 » *l+=n+3; |
334 | 339 |
335 » » return(0); | 340 » return(0); |
336 } | 341 } |
337 | 342 |
338 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) | 343 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) |
339 { | 344 { |
340 unsigned char *p; | 345 unsigned char *p; |
341 int i; | 346 int i; |
342 unsigned long l=7; | 347 unsigned long l=7; |
343 BUF_MEM *buf; | 348 BUF_MEM *buf; |
344 int no_chain; | 349 int no_chain; |
| 350 STACK_OF(X509) *cert_chain; |
345 | 351 |
346 » if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs) | 352 » cert_chain = SSL_get_certificate_chain(s, x); |
| 353 |
| 354 » if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs || cert_ch
ain) |
347 no_chain = 1; | 355 no_chain = 1; |
348 else | 356 else |
349 no_chain = 0; | 357 no_chain = 0; |
350 | 358 |
351 /* TLSv1 sends a chain with nothing in it, instead of an alert */ | 359 /* TLSv1 sends a chain with nothing in it, instead of an alert */ |
352 buf=s->init_buf; | 360 buf=s->init_buf; |
353 if (!BUF_MEM_grow_clean(buf,10)) | 361 if (!BUF_MEM_grow_clean(buf,10)) |
354 { | 362 { |
355 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); | 363 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); |
356 return(0); | 364 return(0); |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
388 } | 396 } |
389 } | 397 } |
390 /* Thawte special :-) */ | 398 /* Thawte special :-) */ |
391 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) | 399 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) |
392 { | 400 { |
393 x=sk_X509_value(s->ctx->extra_certs,i); | 401 x=sk_X509_value(s->ctx->extra_certs,i); |
394 if (ssl3_add_cert_to_buf(buf, &l, x)) | 402 if (ssl3_add_cert_to_buf(buf, &l, x)) |
395 return(0); | 403 return(0); |
396 } | 404 } |
397 | 405 |
| 406 for (i=0; i<sk_X509_num(cert_chain); i++) |
| 407 if (ssl3_add_cert_to_buf(buf, &l, sk_X509_value(cert_chain,i))) |
| 408 return(0); |
| 409 |
398 l-=7; | 410 l-=7; |
399 p=(unsigned char *)&(buf->data[4]); | 411 p=(unsigned char *)&(buf->data[4]); |
400 l2n3(l,p); | 412 l2n3(l,p); |
401 l+=3; | 413 l+=3; |
402 p=(unsigned char *)&(buf->data[0]); | 414 p=(unsigned char *)&(buf->data[0]); |
403 *(p++)=SSL3_MT_CERTIFICATE; | 415 *(p++)=SSL3_MT_CERTIFICATE; |
404 l2n3(l,p); | 416 l2n3(l,p); |
405 l+=4; | 417 l+=4; |
406 return(l); | 418 return(l); |
407 } | 419 } |
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
527 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
n,0); | 539 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
n,0); |
528 if (i <= 0) | 540 if (i <= 0) |
529 { | 541 { |
530 s->rwstate=SSL_READING; | 542 s->rwstate=SSL_READING; |
531 *ok = 0; | 543 *ok = 0; |
532 return i; | 544 return i; |
533 } | 545 } |
534 s->init_num += i; | 546 s->init_num += i; |
535 n -= i; | 547 n -= i; |
536 } | 548 } |
| 549 |
| 550 #ifndef OPENSSL_NO_NEXTPROTONEG |
537 /* If receiving Finished, record MAC of prior handshake messages for | 551 /* If receiving Finished, record MAC of prior handshake messages for |
538 * Finished verification. */ | 552 * Finished verification. */ |
539 if (*s->init_buf->data == SSL3_MT_FINISHED) | 553 if (*s->init_buf->data == SSL3_MT_FINISHED) |
540 ssl3_take_mac(s); | 554 ssl3_take_mac(s); |
| 555 #endif |
| 556 |
541 /* Feed this message into MAC computation. */ | 557 /* Feed this message into MAC computation. */ |
542 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); | 558 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); |
543 if (s->msg_callback) | 559 if (s->msg_callback) |
544 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->d
ata, (size_t)s->init_num + 4, s, s->msg_callback_arg); | 560 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->d
ata, (size_t)s->init_num + 4, s, s->msg_callback_arg); |
545 *ok=1; | 561 *ok=1; |
546 return s->init_num; | 562 return s->init_num; |
547 f_err: | 563 f_err: |
548 ssl3_send_alert(s,SSL3_AL_FATAL,al); | 564 ssl3_send_alert(s,SSL3_AL_FATAL,al); |
549 err: | 565 err: |
550 *ok=0; | 566 *ok=0; |
(...skipping 17 matching lines...) Expand all Loading... |
568 ret=SSL_PKEY_RSA_ENC; | 584 ret=SSL_PKEY_RSA_ENC; |
569 } | 585 } |
570 else if (i == EVP_PKEY_DSA) | 586 else if (i == EVP_PKEY_DSA) |
571 { | 587 { |
572 ret=SSL_PKEY_DSA_SIGN; | 588 ret=SSL_PKEY_DSA_SIGN; |
573 } | 589 } |
574 #ifndef OPENSSL_NO_EC | 590 #ifndef OPENSSL_NO_EC |
575 else if (i == EVP_PKEY_EC) | 591 else if (i == EVP_PKEY_EC) |
576 { | 592 { |
577 ret = SSL_PKEY_ECC; | 593 ret = SSL_PKEY_ECC; |
| 594 } |
| 595 #endif |
| 596 else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) |
| 597 { |
| 598 ret = SSL_PKEY_GOST94; |
578 } | 599 } |
579 #endif | 600 » else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) |
580 | 601 » » { |
| 602 » » ret = SSL_PKEY_GOST01; |
| 603 » » } |
581 err: | 604 err: |
582 if(!pkey) EVP_PKEY_free(pk); | 605 if(!pkey) EVP_PKEY_free(pk); |
583 return(ret); | 606 return(ret); |
584 } | 607 } |
585 | 608 |
586 int ssl_verify_alarm_type(long type) | 609 int ssl_verify_alarm_type(long type) |
587 { | 610 { |
588 int al; | 611 int al; |
589 | 612 |
590 switch(type) | 613 switch(type) |
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
636 case X509_V_ERR_INVALID_PURPOSE: | 659 case X509_V_ERR_INVALID_PURPOSE: |
637 al=SSL_AD_UNSUPPORTED_CERTIFICATE; | 660 al=SSL_AD_UNSUPPORTED_CERTIFICATE; |
638 break; | 661 break; |
639 default: | 662 default: |
640 al=SSL_AD_CERTIFICATE_UNKNOWN; | 663 al=SSL_AD_CERTIFICATE_UNKNOWN; |
641 break; | 664 break; |
642 } | 665 } |
643 return(al); | 666 return(al); |
644 } | 667 } |
645 | 668 |
646 int ssl3_setup_buffers(SSL *s) | 669 #ifndef OPENSSL_NO_BUF_FREELISTS |
| 670 /* On some platforms, malloc() performance is bad enough that you can't just |
| 671 * free() and malloc() buffers all the time, so we need to use freelists from |
| 672 * unused buffers. Currently, each freelist holds memory chunks of only a |
| 673 * given size (list->chunklen); other sized chunks are freed and malloced. |
| 674 * This doesn't help much if you're using many different SSL option settings |
| 675 * with a given context. (The options affecting buffer size are |
| 676 * max_send_fragment, read buffer vs write buffer, |
| 677 * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and |
| 678 * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every |
| 679 * possible size is not an option, since max_send_fragment can take on many |
| 680 * different values. |
| 681 * |
| 682 * If you are on a platform with a slow malloc(), and you're using SSL |
| 683 * connections with many different settings for these options, and you need to |
| 684 * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options: |
| 685 * - Link against a faster malloc implementation. |
| 686 * - Use a separate SSL_CTX for each option set. |
| 687 * - Improve this code. |
| 688 */ |
| 689 static void * |
| 690 freelist_extract(SSL_CTX *ctx, int for_read, int sz) |
| 691 » { |
| 692 » SSL3_BUF_FREELIST *list; |
| 693 » SSL3_BUF_FREELIST_ENTRY *ent = NULL; |
| 694 » void *result = NULL; |
| 695 |
| 696 » CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 697 » list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; |
| 698 » if (list != NULL && sz == (int)list->chunklen) |
| 699 » » ent = list->head; |
| 700 » if (ent != NULL) |
| 701 » » { |
| 702 » » list->head = ent->next; |
| 703 » » result = ent; |
| 704 » » if (--list->len == 0) |
| 705 » » » list->chunklen = 0; |
| 706 » » } |
| 707 » CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 708 » if (!result) |
| 709 » » result = OPENSSL_malloc(sz); |
| 710 » return result; |
| 711 } |
| 712 |
| 713 static void |
| 714 freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem) |
| 715 » { |
| 716 » SSL3_BUF_FREELIST *list; |
| 717 » SSL3_BUF_FREELIST_ENTRY *ent; |
| 718 |
| 719 » CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 720 » list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; |
| 721 » if (list != NULL && |
| 722 » (sz == list->chunklen || list->chunklen == 0) && |
| 723 » list->len < ctx->freelist_max_len && |
| 724 » sz >= sizeof(*ent)) |
| 725 » » { |
| 726 » » list->chunklen = sz; |
| 727 » » ent = mem; |
| 728 » » ent->next = list->head; |
| 729 » » list->head = ent; |
| 730 » » ++list->len; |
| 731 » » mem = NULL; |
| 732 » » } |
| 733 |
| 734 » CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 735 » if (mem) |
| 736 » » OPENSSL_free(mem); |
| 737 » } |
| 738 #else |
| 739 #define freelist_extract(c,fr,sz) OPENSSL_malloc(sz) |
| 740 #define freelist_insert(c,fr,sz,m) OPENSSL_free(m) |
| 741 #endif |
| 742 |
| 743 int ssl3_setup_read_buffer(SSL *s) |
647 { | 744 { |
648 unsigned char *p; | 745 unsigned char *p; |
649 » unsigned int extra,headerlen; | 746 » size_t len,align=0,headerlen; |
650 » size_t len; | 747 » |
651 | |
652 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) | 748 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) |
653 headerlen = DTLS1_RT_HEADER_LENGTH; | 749 headerlen = DTLS1_RT_HEADER_LENGTH; |
654 else | 750 else |
655 headerlen = SSL3_RT_HEADER_LENGTH; | 751 headerlen = SSL3_RT_HEADER_LENGTH; |
656 | 752 |
| 753 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 |
| 754 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); |
| 755 #endif |
| 756 |
657 if (s->s3->rbuf.buf == NULL) | 757 if (s->s3->rbuf.buf == NULL) |
658 { | 758 { |
659 » » if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) | 759 » » if (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS) |
660 » » » extra=SSL3_RT_MAX_EXTRA; | 760 » » » { |
661 » » else | 761 » » » len = SSL3_RT_DEFAULT_PACKET_SIZE; |
662 » » » extra=0; | 762 » » » } |
663 » » len = SSL3_RT_MAX_PACKET_SIZE + extra; | 763 » » else |
664 » » if ((p=OPENSSL_malloc(len)) == NULL) | 764 » » » { |
| 765 » » » len = SSL3_RT_MAX_PLAIN_LENGTH |
| 766 » » » » + SSL3_RT_MAX_ENCRYPTED_OVERHEAD |
| 767 » » » » + headerlen + align; |
| 768 » » » if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) |
| 769 » » » » { |
| 770 » » » » s->s3->init_extra = 1; |
| 771 » » » » len += SSL3_RT_MAX_EXTRA; |
| 772 » » » » } |
| 773 » » » } |
| 774 #ifndef OPENSSL_NO_COMP |
| 775 » » if (!(s->options & SSL_OP_NO_COMPRESSION)) |
| 776 » » » len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; |
| 777 #endif |
| 778 » » if ((p=freelist_extract(s->ctx, 1, len)) == NULL) |
665 goto err; | 779 goto err; |
666 s->s3->rbuf.buf = p; | 780 s->s3->rbuf.buf = p; |
667 s->s3->rbuf.len = len; | 781 s->s3->rbuf.len = len; |
668 } | 782 } |
669 | 783 |
| 784 s->packet= &(s->s3->rbuf.buf[0]); |
| 785 return 1; |
| 786 |
| 787 err: |
| 788 SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE); |
| 789 return 0; |
| 790 } |
| 791 |
| 792 int ssl3_setup_write_buffer(SSL *s) |
| 793 { |
| 794 unsigned char *p; |
| 795 size_t len,align=0,headerlen; |
| 796 |
| 797 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) |
| 798 headerlen = DTLS1_RT_HEADER_LENGTH + 1; |
| 799 else |
| 800 headerlen = SSL3_RT_HEADER_LENGTH; |
| 801 |
| 802 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 |
| 803 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); |
| 804 #endif |
| 805 |
670 if (s->s3->wbuf.buf == NULL) | 806 if (s->s3->wbuf.buf == NULL) |
671 { | 807 { |
672 » » len = SSL3_RT_MAX_PACKET_SIZE; | 808 » » if (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS) |
673 » » len += headerlen + 256; /* extra space for empty fragment */ | 809 » » » { |
674 » » if ((p=OPENSSL_malloc(len)) == NULL) | 810 » » » len = SSL3_RT_DEFAULT_PACKET_SIZE; |
| 811 » » » } |
| 812 » » else |
| 813 » » » { |
| 814 » » » len = s->max_send_fragment; |
| 815 » » » } |
| 816 » » len += 0 |
| 817 » » » + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD |
| 818 » » » + headerlen + align; |
| 819 #ifndef OPENSSL_NO_COMP |
| 820 » » if (!(s->options & SSL_OP_NO_COMPRESSION)) |
| 821 » » » len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; |
| 822 #endif |
| 823 » » if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) |
| 824 » » » len += headerlen + align |
| 825 » » » » + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; |
| 826 » » if ((p=freelist_extract(s->ctx, 0, len)) == NULL) |
675 goto err; | 827 goto err; |
676 s->s3->wbuf.buf = p; | 828 s->s3->wbuf.buf = p; |
677 s->s3->wbuf.len = len; | 829 s->s3->wbuf.len = len; |
678 } | 830 } |
679 » s->packet= &(s->s3->rbuf.buf[0]); | 831 |
680 » return(1); | 832 » return 1; |
| 833 |
681 err: | 834 err: |
682 » SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE); | 835 » SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE); |
683 » return(0); | 836 » return 0; |
684 » } | 837 » } |
| 838 |
| 839 |
| 840 int ssl3_setup_buffers(SSL *s) |
| 841 » { |
| 842 » if (!ssl3_setup_read_buffer(s)) |
| 843 » » return 0; |
| 844 » if (!ssl3_setup_write_buffer(s)) |
| 845 » » return 0; |
| 846 » return 1; |
| 847 » } |
| 848 |
| 849 int ssl3_release_write_buffer(SSL *s) |
| 850 » { |
| 851 » if (s->s3->wbuf.buf != NULL) |
| 852 » » { |
| 853 » » freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf); |
| 854 » » s->s3->wbuf.buf = NULL; |
| 855 » » } |
| 856 » return 1; |
| 857 » } |
| 858 |
| 859 int ssl3_release_read_buffer(SSL *s) |
| 860 » { |
| 861 » if (s->s3->rbuf.buf != NULL) |
| 862 » » { |
| 863 » » freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf); |
| 864 » » s->s3->rbuf.buf = NULL; |
| 865 » » } |
| 866 » return 1; |
| 867 » } |
OLD | NEW |