Change ssl3_get_message and the functions using it so that complete

[openssl.git] / ssl / s3_both.c

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index d92c164b0fa911e4c2458a3cf4e9b04c25c61484..409120badecd960ac7b7dc0b3c0a933e1e197b2f 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -109,6 +109,7 @@
  *
  */
 
+#include <limits.h>
 #include <string.h>
 #include <stdio.h>
 #include <openssl/buffer.h>
@@ -158,7 +159,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
                p+=i;
                l=i;
 
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
                /* MSVC 1.5 does not clear the top bytes of the word unless
                 * I do this.
                 */
@@ -205,7 +206,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
                }
        s->s3->change_cipher_spec=0;
 
-       p = (unsigned char *)s->init_buf->data;
+       p = (unsigned char *)s->init_msg;
        i = s->s3->tmp.peer_finish_md_len;
 
        if (i != n)
@@ -272,7 +273,11 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
                }
        if (x != NULL)
                {
-               X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL);
+               if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+                       {
+                       SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+                       return(0);
+                       }
 
                for (;;)
                        {
@@ -351,6 +356,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                        goto f_err;
                        }
                *ok=1;
+               s->init_msg = s->init_buf->data + 4;
                return((int)s->s3->tmp.message_size);
                }
 
@@ -365,7 +371,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                        while (s->init_num < 4)
                                {
                                i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
-                                       4 - s->init_num);
+                                       4 - s->init_num, 0);
                                if (i <= 0)
                                        {
                                        s->rwstate=SSL_READING;
@@ -383,7 +389,11 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                                         * if their format is correct. Does not count for
                                         * 'Finished' MAC. */
                                        if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
+                                               {
+                                               s->init_num = 0;
                                                skip_message = 1;
+                                               }
+                       
                        }
                while (skip_message);
 
@@ -407,8 +417,6 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                        ssl3_init_finished_mac(s);
                        }
 
-               ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, 4);
-                       
                s->s3->tmp.message_type= *(p++);
 
                n2l3(p,l);
@@ -418,7 +426,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
                        goto f_err;
                        }
-               if (l && !BUF_MEM_grow(s->init_buf,(int)l))
+               if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
+                       {
+                       al=SSL_AD_ILLEGAL_PARAMETER;
+                       SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                       goto f_err;
+                       }
+               if (l && !BUF_MEM_grow(s->init_buf,(int)l+4))
                        {
                        SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
                        goto err;
@@ -426,15 +440,16 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                s->s3->tmp.message_size=l;
                s->state=stn;
 
-               s->init_num=0;
+               s->init_msg = s->init_buf->data + 4;
+               s->init_num = 0;
                }
 
        /* next state (stn) */
-       p=(unsigned char *)s->init_buf->data;
-       n=s->s3->tmp.message_size;
+       p = s->init_msg;
+       n = s->s3->tmp.message_size - s->init_num;
        while (n > 0)
                {
-               i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n);
+               i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
                if (i <= 0)
                        {
                        s->rwstate=SSL_READING;
@@ -444,7 +459,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                s->init_num += i;
                n -= i;
                }
-       ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num);
+       ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
        *ok=1;
        return s->init_num;
 f_err:
@@ -512,6 +527,7 @@ int ssl_verify_alarm_type(long type)
                {
        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
        case X509_V_ERR_UNABLE_TO_GET_CRL:
+       case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
                al=SSL_AD_UNKNOWN_CA;
                break;
        case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: