* at once (as long as it fits into the buffer). */
if (SSL_IS_DTLS(s))
{
+ if (left == 0 && extend)
+ return 0;
if (left > 0 && n > left)
n = left;
}
* ssl3_get_record to loop forever. */
#define MAX_EMPTY_RECORDS 32
-/* Call this to get a new input record.
+/*-
+ * Call this to get a new input record.
* It will return <= 0 if more data is needed, normally due to an error
* or non-blocking IO.
* When it finishes, one packet has been decoded and can be found in
}
enc_err = s->method->ssl3_enc->enc(s,0);
- /* enc_err is:
+ /*-
+ * enc_err is:
* 0: (in non-constant time) if the record is publically invalid.
* 1: if the padding is valid
- * -1: if the padding is invalid */
+ * -1: if the padding is invalid
+ */
if (enc_err == 0)
{
al=SSL_AD_DECRYPTION_FAILED;
}
rr->off=0;
- /* So at this point the following is true
+ /*-
+ * So at this point the following is true
* ssl->s3->rrec.type is the type of record
* ssl->s3->rrec.length == number of bytes in record
* ssl->s3->rrec.off == offset to first valid byte
if (empty_record_count > MAX_EMPTY_RECORDS)
{
al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_TOO_MANY_EMPTY_FRAGMENTS);
+ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_RECORD_TOO_SMALL);
goto f_err;
}
goto again;
#endif
SSL3_BUFFER *wb=&(s->s3->wbuf);
int i;
+ unsigned int u_len = (unsigned int)len;
+
+ if (len < 0)
+ {
+ SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_NEGATIVE_LENGTH);
+ return -1;
+ }
s->rwstate=SSL_NOTHING;
OPENSSL_assert(s->s3->wnum <= INT_MAX);
* compromise is considered worthy.
*/
if (type==SSL3_RT_APPLICATION_DATA &&
- len >= 4*(int)(max_send_fragment=s->max_send_fragment) &&
+ u_len >= 4*(max_send_fragment=s->max_send_fragment) &&
s->compress==NULL && s->msg_callback==NULL &&
!SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
EVP_CIPHER_flags(s->enc_write_ctx->cipher)&EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
int packlen;
/* minimize address aliasing conflicts */
- if ((max_send_fragment&0xffff) == 0)
+ if ((max_send_fragment&0xfff) == 0)
max_send_fragment -= 512;
if (tot==0 || wb->buf==NULL) /* allocate jumbo buffer */
EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
max_send_fragment,NULL);
- if (len>=8*(int)max_send_fragment) packlen *= 8;
+ if (u_len >= 8*max_send_fragment) packlen *= 8;
else packlen *= 4;
wb->buf=OPENSSL_malloc(packlen);
#if 0 && !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
if (type==SSL3_RT_APPLICATION_DATA && s->compress==NULL &&
- !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) && /*!SSL_IS_DTLS(s) &&*/
+ !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
EVP_CIPHER_flags(s->enc_write_ctx->cipher)&EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
do {
unsigned char aad[13];
wr->length += eivlen;
}
- /* ssl3_enc can only have an error on read */
- s->method->ssl3_enc->enc(s,1);
+ if(s->method->ssl3_enc->enc(s,1)<1) goto err;
if (SSL_USE_ETM(s) && mac_size != 0)
{
}
}
-/* Return up to 'len' payload bytes received in 'type' records.
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
* 'type' is one of the following:
*
* - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
start:
s->rwstate=SSL_NOTHING;
- /* s->s3->rrec.type - is the type of record
+ /*-
+ * s->s3->rrec.type - is the type of record
* s->s3->rrec.data, - data
* s->s3->rrec.off, - offset into 'data' for next read
- * s->s3->rrec.length, - number of bytes. */
+ * s->s3->rrec.length, - number of bytes.
+ */
rr = &(s->s3->rrec);
/* get new packet if necessary */
}
}
- /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
+ /*-
+ * s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
* s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
- * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
+ * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+ */
/* If we are a client, check for an incoming 'Hello Request': */
if ((!s->server) &&
desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
if (desc < 0) return -1;
/* If a fatal one, remove from cache */
- if ((level == 2) && (s->session != NULL))
+ if ((level == SSL3_AL_FATAL) && (s->session != NULL))
SSL_CTX_remove_session(s->ctx,s->session);
s->s3->alert_dispatch=1;