/* TLSv1 sends a chain with nothing in it, instead of an alert */
buf=s->init_buf;
- if (!BUF_MEM_grow(buf,(int)(10)))
+ if (!BUF_MEM_grow_clean(buf,10))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
for (;;)
{
n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+ if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
{
x=sk_X509_value(s->ctx->extra_certs,i);
n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+ if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
- if (l && !BUF_MEM_grow(s->init_buf,(int)l+4))
+ if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
{
SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
goto err;
}
}
#ifndef OPENSSL_NO_EC
- /* As for ECC certificates, additional
- * information (e.g. in the optional key usage X509v3
- * extension) could be used when available to distinguish
- * between ECDH and ECDSA certificates. For now, we do not
- * make that distinction here. Instead, we shift the burden
- * of checking for appropriate key usage to the SSL code
- * responsible for sending/processing ECC certificates.
- */
else if (i == EVP_PKEY_EC)
{
ret = SSL_PKEY_ECC;