Wed Aug 5 18:38:22 2009 UTC ()
resolve conflicts


(christos)
diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/apps/ca.c
diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c
diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/engine/eng_cryptodev.c
diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/lhash/lhash.h
diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c
cvs diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/apps/ca.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/apps/ca.c 2009/07/19 23:30:38 1.2
+++ src/crypto/external/bsd/openssl/dist/apps/ca.c 2009/08/05 18:38:21 1.3
@@ -873,29 +873,29 @@ bad: @@ -873,29 +873,29 @@ bad:
873 } 873 }
874 874
875 /*****************************************************************/ 875 /*****************************************************************/
876 /* we need to load the database file */ 876 /* we need to load the database file */
877 if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) 877 if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
878 { 878 {
879 lookup_fail(section,ENV_DATABASE); 879 lookup_fail(section,ENV_DATABASE);
880 goto err; 880 goto err;
881 } 881 }
882 db = load_index(dbfile, &db_attr); 882 db = load_index(dbfile, &db_attr);
883 if (db == NULL) goto err; 883 if (db == NULL) goto err;
884 884
885 /* Lets check some fields */ 885 /* Lets check some fields */
886 for (i=0; i<sk_PSTRING_num(db->db->data); i++) 886 for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++)
887 { 887 {
888 pp=sk_PSTRING_value(db->db->data,i); 888 pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
889 if ((pp[DB_type][0] != DB_TYPE_REV) && 889 if ((pp[DB_type][0] != DB_TYPE_REV) &&
890 (pp[DB_rev_date][0] != '\0')) 890 (pp[DB_rev_date][0] != '\0'))
891 { 891 {
892 BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1); 892 BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1);
893 goto err; 893 goto err;
894 } 894 }
895 if ((pp[DB_type][0] == DB_TYPE_REV) && 895 if ((pp[DB_type][0] == DB_TYPE_REV) &&
896 !make_revoked(NULL, pp[DB_rev_date])) 896 !make_revoked(NULL, pp[DB_rev_date]))
897 { 897 {
898 BIO_printf(bio_err," in entry %d\n", i+1); 898 BIO_printf(bio_err," in entry %d\n", i+1);
899 goto err; 899 goto err;
900 } 900 }
901 if (!check_time_format((char *)pp[DB_exp_date])) 901 if (!check_time_format((char *)pp[DB_exp_date]))
@@ -928,27 +928,27 @@ bad: @@ -928,27 +928,27 @@ bad:
928 } 928 }
929 } 929 }
930 if (verbose) 930 if (verbose)
931 { 931 {
932 BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */ 932 BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
933#ifdef OPENSSL_SYS_VMS 933#ifdef OPENSSL_SYS_VMS
934 { 934 {
935 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 935 BIO *tmpbio = BIO_new(BIO_f_linebuffer());
936 out = BIO_push(tmpbio, out); 936 out = BIO_push(tmpbio, out);
937 } 937 }
938#endif 938#endif
939 TXT_DB_write(out,db->db); 939 TXT_DB_write(out,db->db);
940 BIO_printf(bio_err,"%d entries loaded from the database\n", 940 BIO_printf(bio_err,"%d entries loaded from the database\n",
941 sk_PSTRING_num(db->db->data)); 941 sk_OPENSSL_PSTRING_num(db->db->data));
942 BIO_printf(bio_err,"generating index\n"); 942 BIO_printf(bio_err,"generating index\n");
943 } 943 }
944  944
945 if (!index_index(db)) goto err; 945 if (!index_index(db)) goto err;
946 946
947 /*****************************************************************/ 947 /*****************************************************************/
948 /* Update the db file for expired certificates */ 948 /* Update the db file for expired certificates */
949 if (doupdatedb) 949 if (doupdatedb)
950 { 950 {
951 if (verbose) 951 if (verbose)
952 BIO_printf(bio_err, "Updating %s ...\n", 952 BIO_printf(bio_err, "Updating %s ...\n",
953 dbfile); 953 dbfile);
954 954
@@ -1398,29 +1398,29 @@ bad: @@ -1398,29 +1398,29 @@ bad:
1398 if (verbose) BIO_printf(bio_err,"making CRL\n"); 1398 if (verbose) BIO_printf(bio_err,"making CRL\n");
1399 if ((crl=X509_CRL_new()) == NULL) goto err; 1399 if ((crl=X509_CRL_new()) == NULL) goto err;
1400 if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err; 1400 if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err;
1401 1401
1402 tmptm = ASN1_TIME_new(); 1402 tmptm = ASN1_TIME_new();
1403 if (!tmptm) goto err; 1403 if (!tmptm) goto err;
1404 X509_gmtime_adj(tmptm,0); 1404 X509_gmtime_adj(tmptm,0);
1405 X509_CRL_set_lastUpdate(crl, tmptm);  1405 X509_CRL_set_lastUpdate(crl, tmptm);
1406 X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, NULL); 1406 X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, NULL);
1407 X509_CRL_set_nextUpdate(crl, tmptm);  1407 X509_CRL_set_nextUpdate(crl, tmptm);
1408 1408
1409 ASN1_TIME_free(tmptm); 1409 ASN1_TIME_free(tmptm);
1410 1410
1411 for (i=0; i<sk_PSTRING_num(db->db->data); i++) 1411 for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++)
1412 { 1412 {
1413 pp=sk_PSTRING_value(db->db->data,i); 1413 pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
1414 if (pp[DB_type][0] == DB_TYPE_REV) 1414 if (pp[DB_type][0] == DB_TYPE_REV)
1415 { 1415 {
1416 if ((r=X509_REVOKED_new()) == NULL) goto err; 1416 if ((r=X509_REVOKED_new()) == NULL) goto err;
1417 j = make_revoked(r, pp[DB_rev_date]); 1417 j = make_revoked(r, pp[DB_rev_date]);
1418 if (!j) goto err; 1418 if (!j) goto err;
1419 if (j == 2) crl_v2 = 1; 1419 if (j == 2) crl_v2 = 1;
1420 if (!BN_hex2bn(&serial, pp[DB_serial])) 1420 if (!BN_hex2bn(&serial, pp[DB_serial]))
1421 goto err; 1421 goto err;
1422 tmpser = BN_to_ASN1_INTEGER(serial, NULL); 1422 tmpser = BN_to_ASN1_INTEGER(serial, NULL);
1423 BN_free(serial); 1423 BN_free(serial);
1424 serial = NULL; 1424 serial = NULL;
1425 if (!tmpser) 1425 if (!tmpser)
1426 goto err; 1426 goto err;
@@ -1675,29 +1675,29 @@ static int do_body(X509 **xret, EVP_PKEY @@ -1675,29 +1675,29 @@ static int do_body(X509 **xret, EVP_PKEY
1675 { 1675 {
1676 X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL; 1676 X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL;
1677 ASN1_UTCTIME *tm,*tmptm; 1677 ASN1_UTCTIME *tm,*tmptm;
1678 ASN1_STRING *str,*str2; 1678 ASN1_STRING *str,*str2;
1679 ASN1_OBJECT *obj; 1679 ASN1_OBJECT *obj;
1680 X509 *ret=NULL; 1680 X509 *ret=NULL;
1681 X509_CINF *ci; 1681 X509_CINF *ci;
1682 X509_NAME_ENTRY *ne; 1682 X509_NAME_ENTRY *ne;
1683 X509_NAME_ENTRY *tne,*push; 1683 X509_NAME_ENTRY *tne,*push;
1684 EVP_PKEY *pktmp; 1684 EVP_PKEY *pktmp;
1685 int ok= -1,i,j,last,nid; 1685 int ok= -1,i,j,last,nid;
1686 const char *p; 1686 const char *p;
1687 CONF_VALUE *cv; 1687 CONF_VALUE *cv;
1688 STRING row[DB_NUMBER]; 1688 OPENSSL_STRING row[DB_NUMBER];
1689 STRING *irow=NULL; 1689 OPENSSL_STRING *irow=NULL;
1690 STRING *rrow=NULL; 1690 OPENSSL_STRING *rrow=NULL;
1691 char buf[25]; 1691 char buf[25];
1692 1692
1693 tmptm=ASN1_UTCTIME_new(); 1693 tmptm=ASN1_UTCTIME_new();
1694 if (tmptm == NULL) 1694 if (tmptm == NULL)
1695 { 1695 {
1696 BIO_printf(bio_err,"malloc error\n"); 1696 BIO_printf(bio_err,"malloc error\n");
1697 return(0); 1697 return(0);
1698 } 1698 }
1699 1699
1700 for (i=0; i<DB_NUMBER; i++) 1700 for (i=0; i<DB_NUMBER; i++)
1701 row[i]=NULL; 1701 row[i]=NULL;
1702 1702
1703 if (subj) 1703 if (subj)
@@ -1919,27 +1919,27 @@ again2: @@ -1919,27 +1919,27 @@ again2:
1919 1919
1920 if (BN_is_zero(serial)) 1920 if (BN_is_zero(serial))
1921 row[DB_serial]=BUF_strdup("00"); 1921 row[DB_serial]=BUF_strdup("00");
1922 else 1922 else
1923 row[DB_serial]=BN_bn2hex(serial); 1923 row[DB_serial]=BN_bn2hex(serial);
1924 if (row[DB_serial] == NULL) 1924 if (row[DB_serial] == NULL)
1925 { 1925 {
1926 BIO_printf(bio_err,"Memory allocation failure\n"); 1926 BIO_printf(bio_err,"Memory allocation failure\n");
1927 goto err; 1927 goto err;
1928 } 1928 }
1929 1929
1930 if (db->attributes.unique_subject) 1930 if (db->attributes.unique_subject)
1931 { 1931 {
1932 STRING *crow=row; 1932 OPENSSL_STRING *crow=row;
1933 1933
1934 rrow=TXT_DB_get_by_index(db->db,DB_name,crow); 1934 rrow=TXT_DB_get_by_index(db->db,DB_name,crow);
1935 if (rrow != NULL) 1935 if (rrow != NULL)
1936 { 1936 {
1937 BIO_printf(bio_err, 1937 BIO_printf(bio_err,
1938 "ERROR:There is already a certificate for %s\n", 1938 "ERROR:There is already a certificate for %s\n",
1939 row[DB_name]); 1939 row[DB_name]);
1940 } 1940 }
1941 } 1941 }
1942 if (rrow == NULL) 1942 if (rrow == NULL)
1943 { 1943 {
1944 rrow=TXT_DB_get_by_index(db->db,DB_serial,row); 1944 rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
1945 if (rrow != NULL) 1945 if (rrow != NULL)
@@ -2622,29 +2622,29 @@ static int do_updatedb (CA_DB *db) @@ -2622,29 +2622,29 @@ static int do_updatedb (CA_DB *db)
2622 { 2622 {
2623 cnt = -1; 2623 cnt = -1;
2624 goto err; 2624 goto err;
2625 } 2625 }
2626 2626
2627 memcpy(a_tm_s, a_tm->data, a_tm->length); 2627 memcpy(a_tm_s, a_tm->data, a_tm->length);
2628 a_tm_s[a_tm->length] = '\0'; 2628 a_tm_s[a_tm->length] = '\0';
2629 2629
2630 if (strncmp(a_tm_s, "49", 2) <= 0) 2630 if (strncmp(a_tm_s, "49", 2) <= 0)
2631 a_y2k = 1; 2631 a_y2k = 1;
2632 else 2632 else
2633 a_y2k = 0; 2633 a_y2k = 0;
2634 2634
2635 for (i = 0; i < sk_PSTRING_num(db->db->data); i++) 2635 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
2636 { 2636 {
2637 rrow = sk_PSTRING_value(db->db->data, i); 2637 rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
2638 2638
2639 if (rrow[DB_type][0] == 'V') 2639 if (rrow[DB_type][0] == 'V')
2640 { 2640 {
2641 /* ignore entries that are not valid */ 2641 /* ignore entries that are not valid */
2642 if (strncmp(rrow[DB_exp_date], "49", 2) <= 0) 2642 if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
2643 db_y2k = 1; 2643 db_y2k = 1;
2644 else 2644 else
2645 db_y2k = 0; 2645 db_y2k = 0;
2646 2646
2647 if (db_y2k == a_y2k) 2647 if (db_y2k == a_y2k)
2648 { 2648 {
2649 /* all on the same y2k side */ 2649 /* all on the same y2k side */
2650 if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) 2650 if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0)
cvs diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c 2009/07/19 23:30:39 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c 2009/08/05 18:38:21 1.3
@@ -341,54 +341,63 @@ static char *dlfcn_merger(DSO *dso, cons @@ -341,54 +341,63 @@ static char *dlfcn_merger(DSO *dso, cons
341 if(!merged) 341 if(!merged)
342 { 342 {
343 DSOerr(DSO_F_DLFCN_MERGER, 343 DSOerr(DSO_F_DLFCN_MERGER,
344 ERR_R_MALLOC_FAILURE); 344 ERR_R_MALLOC_FAILURE);
345 return(NULL); 345 return(NULL);
346 } 346 }
347 strcpy(merged, filespec2); 347 strcpy(merged, filespec2);
348 merged[spec2len] = '/'; 348 merged[spec2len] = '/';
349 strcpy(&merged[spec2len + 1], filespec1); 349 strcpy(&merged[spec2len + 1], filespec1);
350 } 350 }
351 return(merged); 351 return(merged);
352 } 352 }
353 353
 354#ifdef OPENSSL_SYS_MACOSX
 355#define DSO_ext ".dylib"
 356#define DSO_extlen 6
 357#else
 358#define DSO_ext ".so"
 359#define DSO_extlen 3
 360#endif
 361
 362
354static char *dlfcn_name_converter(DSO *dso, const char *filename) 363static char *dlfcn_name_converter(DSO *dso, const char *filename)
355 { 364 {
356 char *translated; 365 char *translated;
357 int len, rsize, transform; 366 int len, rsize, transform;
358 367
359 len = strlen(filename); 368 len = strlen(filename);
360 rsize = len + 1; 369 rsize = len + 1;
361 transform = (strstr(filename, "/") == NULL); 370 transform = (strstr(filename, "/") == NULL);
362 if(transform) 371 if(transform)
363 { 372 {
364 /* We will convert this to "%s.so" or "lib%s.so" */ 373 /* We will convert this to "%s.so" or "lib%s.so" etc */
365 rsize += 3; /* The length of ".so" */ 374 rsize += DSO_extlen; /* The length of ".so" */
366 if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) 375 if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
367 rsize += 3; /* The length of "lib" */ 376 rsize += 3; /* The length of "lib" */
368 } 377 }
369 translated = OPENSSL_malloc(rsize); 378 translated = OPENSSL_malloc(rsize);
370 if(translated == NULL) 379 if(translated == NULL)
371 { 380 {
372 DSOerr(DSO_F_DLFCN_NAME_CONVERTER, 381 DSOerr(DSO_F_DLFCN_NAME_CONVERTER,
373 DSO_R_NAME_TRANSLATION_FAILED); 382 DSO_R_NAME_TRANSLATION_FAILED);
374 return(NULL); 383 return(NULL);
375 } 384 }
376 if(transform) 385 if(transform)
377 { 386 {
378 if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) 387 if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
379 snprintf(translated, rsize, "lib%s.so", filename); 388 snprintf(translated, rsize, "lib%s" DSO_ext, filename);
380 else 389 else
381 snprintf(translated, rsize, "%s.so", filename); 390 snprintf(translated, rsize, "%s" DSO_ext, filename);
382 } 391 }
383 else 392 else
384 snprintf(translated, rsize, "%s", filename); 393 snprintf(translated, rsize, "%s", filename);
385 return(translated); 394 return(translated);
386 } 395 }
387 396
388#ifdef __sgi 397#ifdef __sgi
389/* 398/*
390This is a quote from IRIX manual for dladdr(3c): 399This is a quote from IRIX manual for dladdr(3c):
391 400
392 <dlfcn.h> does not contain a prototype for dladdr or definition of 401 <dlfcn.h> does not contain a prototype for dladdr or definition of
393 Dl_info. The #include <dlfcn.h> in the SYNOPSIS line is traditional, 402 Dl_info. The #include <dlfcn.h> in the SYNOPSIS line is traditional,
394 but contains no dladdr prototype and no IRIX library contains an 403 but contains no dladdr prototype and no IRIX library contains an
cvs diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/engine/Attic/eng_cryptodev.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/engine/Attic/eng_cryptodev.c 2009/07/19 23:30:39 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/engine/Attic/eng_cryptodev.c 2009/08/05 18:38:21 1.3
@@ -23,27 +23,27 @@ @@ -23,27 +23,27 @@
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 * 27 *
28 */ 28 */
29 29
30#include <openssl/objects.h> 30#include <openssl/objects.h>
31#include <openssl/engine.h> 31#include <openssl/engine.h>
32#include <openssl/evp.h> 32#include <openssl/evp.h>
33#include <openssl/bn.h> 33#include <openssl/bn.h>
34 34
35#if (defined(__unix__) || defined(unix)) && !defined(USG) && \ 35#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
36 (defined(OpenBSD) || defined(__FreeBSD_version)) 36 (defined(OpenBSD) || defined(__FreeBSD__))
37#include <sys/param.h> 37#include <sys/param.h>
38# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) || defined(__NetBSD__) 38# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) || defined(__NetBSD__)
39# define HAVE_CRYPTODEV 39# define HAVE_CRYPTODEV
40# endif 40# endif
41# if (OpenBSD >= 200110) 41# if (OpenBSD >= 200110)
42# define HAVE_SYSLOG_R 42# define HAVE_SYSLOG_R
43# endif 43# endif
44#endif 44#endif
45 45
46#ifndef HAVE_CRYPTODEV 46#ifndef HAVE_CRYPTODEV
47 47
48void 48void
49ENGINE_load_cryptodev(void) 49ENGINE_load_cryptodev(void)
@@ -76,27 +76,27 @@ struct dev_crypto_state { @@ -76,27 +76,27 @@ struct dev_crypto_state {
76 unsigned char digest_res[HASH_MAX_LEN]; 76 unsigned char digest_res[HASH_MAX_LEN];
77 char *mac_data; 77 char *mac_data;
78 int mac_len; 78 int mac_len;
79 79
80 int copy; 80 int copy;
81#endif 81#endif
82}; 82};
83 83
84static u_int32_t cryptodev_asymfeat = 0; 84static u_int32_t cryptodev_asymfeat = 0;
85 85
86static int open_dev_crypto(void); 86static int open_dev_crypto(void);
87static int get_dev_crypto(void); 87static int get_dev_crypto(void);
88static int get_cryptodev_ciphers(const int **cnids); 88static int get_cryptodev_ciphers(const int **cnids);
89static int get_cryptodev_digests(const int **cnids); 89/*static int get_cryptodev_digests(const int **cnids);*/
90static int cryptodev_usable_ciphers(const int **nids); 90static int cryptodev_usable_ciphers(const int **nids);
91static int cryptodev_usable_digests(const int **nids); 91static int cryptodev_usable_digests(const int **nids);
92static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 92static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
93 const unsigned char *in, size_t inl); 93 const unsigned char *in, size_t inl);
94static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 94static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
95 const unsigned char *iv, int enc); 95 const unsigned char *iv, int enc);
96static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); 96static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
97static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, 97static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
98 const int **nids, int nid); 98 const int **nids, int nid);
99static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, 99static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
100 const int **nids, int nid); 100 const int **nids, int nid);
101static int bn2crparam(const BIGNUM *a, struct crparam *crp); 101static int bn2crparam(const BIGNUM *a, struct crparam *crp);
102static int crparam2bn(struct crparam *crp, BIGNUM *a); 102static int crparam2bn(struct crparam *crp, BIGNUM *a);
@@ -114,65 +114,67 @@ static int cryptodev_dsa_bn_mod_exp(DSA  @@ -114,65 +114,67 @@ static int cryptodev_dsa_bn_mod_exp(DSA
114static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, 114static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
115 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, 115 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
116 BN_CTX *ctx, BN_MONT_CTX *mont); 116 BN_CTX *ctx, BN_MONT_CTX *mont);
117static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, 117static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
118 int dlen, DSA *dsa); 118 int dlen, DSA *dsa);
119static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, 119static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
120 DSA_SIG *sig, DSA *dsa); 120 DSA_SIG *sig, DSA *dsa);
121static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, 121static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
122 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, 122 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
123 BN_MONT_CTX *m_ctx); 123 BN_MONT_CTX *m_ctx);
124static int cryptodev_dh_compute_key(unsigned char *key, 124static int cryptodev_dh_compute_key(unsigned char *key,
125 const BIGNUM *pub_key, DH *dh); 125 const BIGNUM *pub_key, DH *dh);
126static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, 126static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
127 void (*f)()); 127 void (*f)(void));
128void ENGINE_load_cryptodev(void); 128void ENGINE_load_cryptodev(void);
129 129
130static const ENGINE_CMD_DEFN cryptodev_defns[] = { 130static const ENGINE_CMD_DEFN cryptodev_defns[] = {
131 { 0, NULL, NULL, 0 } 131 { 0, NULL, NULL, 0 }
132}; 132};
133 133
134static struct { 134static struct {
135 int id; 135 int id;
136 int nid; 136 int nid;
137 int ivmax; 137 int ivmax;
138 int keylen; 138 int keylen;
139} ciphers[] = { 139} ciphers[] = {
140 { CRYPTO_ARC4, NID_rc4, 0, 16, }, 140 { CRYPTO_ARC4, NID_rc4, 0, 16, },
141 { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, 141 { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
142 { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, 142 { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
143 { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, 143 { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
144 { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, 144 { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
145 { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, 145 { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
146 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, 146 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
147 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, 147 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
148 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, 148 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
149 { 0, NID_undef, 0, 0, }, 149 { 0, NID_undef, 0, 0, },
150}; 150};
151 151
 152#if 0 /* not (yet?) used */
152static struct { 153static struct {
153 int id; 154 int id;
154 int nid; 155 int nid;
155 int keylen; 156 int keylen;
156} digests[] = { 157} digests[] = {
157 { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, 158 { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16},
158 { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, 159 { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
159 { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/}, 160 { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/},
160 { CRYPTO_MD5_KPDK, NID_undef, 0}, 161 { CRYPTO_MD5_KPDK, NID_undef, 0},
161 { CRYPTO_SHA1_KPDK, NID_undef, 0}, 162 { CRYPTO_SHA1_KPDK, NID_undef, 0},
162 { CRYPTO_MD5, NID_md5, 16}, 163 { CRYPTO_MD5, NID_md5, 16},
163 { CRYPTO_SHA1, NID_sha1, 20}, 164 { CRYPTO_SHA1, NID_sha1, 20},
164 { 0, NID_undef, 0}, 165 { 0, NID_undef, 0},
165}; 166};
 167#endif /* 0 */
166 168
167/* 169/*
168 * Return a fd if /dev/crypto seems usable, 0 otherwise. 170 * Return a fd if /dev/crypto seems usable, 0 otherwise.
169 */ 171 */
170static int 172static int
171open_dev_crypto(void) 173open_dev_crypto(void)
172{ 174{
173 static int fd = -1; 175 static int fd = -1;
174 176
175 if (fd == -1) { 177 if (fd == -1) {
176 if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) 178 if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
177 return (-1); 179 return (-1);
178 /* close on exec */ 180 /* close on exec */
@@ -231,26 +233,27 @@ get_cryptodev_ciphers(const int **cnids) @@ -231,26 +233,27 @@ get_cryptodev_ciphers(const int **cnids)
231 if (count > 0) 233 if (count > 0)
232 *cnids = nids; 234 *cnids = nids;
233 else 235 else
234 *cnids = NULL; 236 *cnids = NULL;
235 return (count); 237 return (count);
236} 238}
237 239
238/* 240/*
239 * Find out what digests /dev/crypto will let us have a session for. 241 * Find out what digests /dev/crypto will let us have a session for.
240 * XXX note, that some of these openssl doesn't deal with yet! 242 * XXX note, that some of these openssl doesn't deal with yet!
241 * returning them here is harmless, as long as we return NULL 243 * returning them here is harmless, as long as we return NULL
242 * when asked for a handler in the cryptodev_engine_digests routine 244 * when asked for a handler in the cryptodev_engine_digests routine
243 */ 245 */
 246#if 0 /* not (yet?) used */
244static int 247static int
245get_cryptodev_digests(const int **cnids) 248get_cryptodev_digests(const int **cnids)
246{ 249{
247 static int nids[CRYPTO_ALGORITHM_MAX]; 250 static int nids[CRYPTO_ALGORITHM_MAX];
248 struct session_op sess; 251 struct session_op sess;
249 int fd, i, count = 0; 252 int fd, i, count = 0;
250 253
251 if ((fd = get_dev_crypto()) < 0) { 254 if ((fd = get_dev_crypto()) < 0) {
252 *cnids = NULL; 255 *cnids = NULL;
253 return (0); 256 return (0);
254 } 257 }
255 memset(&sess, 0, sizeof(sess)); 258 memset(&sess, 0, sizeof(sess));
256 sess.mackey = (void *)"123456789abcdefghijklmno"; 259 sess.mackey = (void *)"123456789abcdefghijklmno";
@@ -261,26 +264,27 @@ get_cryptodev_digests(const int **cnids) @@ -261,26 +264,27 @@ get_cryptodev_digests(const int **cnids)
261 sess.mackeylen = digests[i].keylen; 264 sess.mackeylen = digests[i].keylen;
262 sess.cipher = 0; 265 sess.cipher = 0;
263 if (ioctl(fd, CIOCGSESSION, &sess) != -1 && 266 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
264 ioctl(fd, CIOCFSESSION, &sess.ses) != -1) 267 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
265 nids[count++] = digests[i].nid; 268 nids[count++] = digests[i].nid;
266 } 269 }
267 270
268 if (count > 0) 271 if (count > 0)
269 *cnids = nids; 272 *cnids = nids;
270 else 273 else
271 *cnids = NULL; 274 *cnids = NULL;
272 return (count); 275 return (count);
273} 276}
 277#endif /* 0 */
274 278
275/* 279/*
276 * Find the useable ciphers|digests from dev/crypto - this is the first 280 * Find the useable ciphers|digests from dev/crypto - this is the first
277 * thing called by the engine init crud which determines what it 281 * thing called by the engine init crud which determines what it
278 * can use for ciphers from this engine. We want to return 282 * can use for ciphers from this engine. We want to return
279 * only what we can do, anythine else is handled by software. 283 * only what we can do, anythine else is handled by software.
280 * 284 *
281 * If we can't initialize the device to do anything useful for 285 * If we can't initialize the device to do anything useful for
282 * any reason, we want to return a NULL array, and 0 length, 286 * any reason, we want to return a NULL array, and 0 length,
283 * which forces everything to be done is software. By putting 287 * which forces everything to be done is software. By putting
284 * the initalization of the device in here, we ensure we can 288 * the initalization of the device in here, we ensure we can
285 * use this engine as the default, and if for whatever reason 289 * use this engine as the default, and if for whatever reason
286 * /dev/crypto won't do what we want it will just be done in 290 * /dev/crypto won't do what we want it will just be done in
@@ -319,80 +323,80 @@ cryptodev_usable_digests(const int **nid @@ -319,80 +323,80 @@ cryptodev_usable_digests(const int **nid
319 */ 323 */
320 *nids = NULL; 324 *nids = NULL;
321 return (0); 325 return (0);
322#endif 326#endif
323} 327}
324 328
325static int 329static int
326cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 330cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
327 const unsigned char *in, size_t inl) 331 const unsigned char *in, size_t inl)
328{ 332{
329 struct crypt_op cryp; 333 struct crypt_op cryp;
330 struct dev_crypto_state *state = ctx->cipher_data; 334 struct dev_crypto_state *state = ctx->cipher_data;
331 struct session_op *sess = &state->d_sess; 335 struct session_op *sess = &state->d_sess;
332 void *iiv; 336 const void *iiv;
333 unsigned char save_iv[EVP_MAX_IV_LENGTH]; 337 unsigned char save_iv[EVP_MAX_IV_LENGTH];
334 338
335 if (state->d_fd < 0) 339 if (state->d_fd < 0)
336 return (0); 340 return (0);
337 if (!inl) 341 if (!inl)
338 return (1); 342 return (1);
339 if ((inl % ctx->cipher->block_size) != 0) 343 if ((inl % ctx->cipher->block_size) != 0)
340 return (0); 344 return (0);
341 345
342 memset(&cryp, 0, sizeof(cryp)); 346 memset(&cryp, 0, sizeof(cryp));
343 347
344 cryp.ses = sess->ses; 348 cryp.ses = sess->ses;
345 cryp.flags = 0; 349 cryp.flags = 0;
346 cryp.len = inl; 350 cryp.len = inl;
347 cryp.src = (void *) in; 351 cryp.src = (void *) in;
348 cryp.dst = (void *) out; 352 cryp.dst = (void *) out;
349 cryp.mac = 0; 353 cryp.mac = 0;
350 354
351 cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; 355 cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
352 356
353 if (ctx->cipher->iv_len) { 357 if (ctx->cipher->iv_len) {
354 cryp.iv = (void *) ctx->iv; 358 cryp.iv = (void *) ctx->iv;
355 if (!ctx->encrypt) { 359 if (!ctx->encrypt) {
356 iiv = (char *) in + inl - ctx->cipher->iv_len; 360 iiv = in + inl - ctx->cipher->iv_len;
357 memcpy(save_iv, iiv, ctx->cipher->iv_len); 361 memcpy(save_iv, iiv, ctx->cipher->iv_len);
358 } 362 }
359 } else 363 } else
360 cryp.iv = NULL; 364 cryp.iv = NULL;
361 365
362 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { 366 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
363 /* XXX need better errror handling 367 /* XXX need better errror handling
364 * this can fail for a number of different reasons. 368 * this can fail for a number of different reasons.
365 */ 369 */
366 return (0); 370 return (0);
367 } 371 }
368 372
369 if (ctx->cipher->iv_len) { 373 if (ctx->cipher->iv_len) {
370 if (ctx->encrypt) 374 if (ctx->encrypt)
371 iiv = (char *) out + inl - ctx->cipher->iv_len; 375 iiv = out + inl - ctx->cipher->iv_len;
372 else 376 else
373 iiv = save_iv; 377 iiv = save_iv;
374 memcpy(ctx->iv, iiv, ctx->cipher->iv_len); 378 memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
375 } 379 }
376 return (1); 380 return (1);
377} 381}
378 382
379static int 383static int
380cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 384cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
381 const unsigned char *iv, int enc) 385 const unsigned char *iv, int enc)
382{ 386{
383 struct dev_crypto_state *state = ctx->cipher_data; 387 struct dev_crypto_state *state = ctx->cipher_data;
384 struct session_op *sess = &state->d_sess; 388 struct session_op *sess = &state->d_sess;
385 int cipher, i; 389 int cipher = -1, i;
386 390
387 for (i = 0; ciphers[i].id; i++) 391 for (i = 0; ciphers[i].id; i++)
388 if (ctx->cipher->nid == ciphers[i].nid && 392 if (ctx->cipher->nid == ciphers[i].nid &&
389 ctx->cipher->iv_len <= ciphers[i].ivmax && 393 ctx->cipher->iv_len <= ciphers[i].ivmax &&
390 ctx->key_len == ciphers[i].keylen) { 394 ctx->key_len == ciphers[i].keylen) {
391 cipher = ciphers[i].id; 395 cipher = ciphers[i].id;
392 break; 396 break;
393 } 397 }
394 398
395 if (!ciphers[i].id) { 399 if (!ciphers[i].id) {
396 state->d_fd = -1; 400 state->d_fd = -1;
397 return (0); 401 return (0);
398 } 402 }
@@ -1251,27 +1255,27 @@ static DH_METHOD cryptodev_dh = { @@ -1251,27 +1255,27 @@ static DH_METHOD cryptodev_dh = {
1251 NULL, 1255 NULL,
1252 NULL, 1256 NULL,
1253 NULL, 1257 NULL,
1254 NULL, 1258 NULL,
1255 0, /* flags */ 1259 0, /* flags */
1256 NULL /* app_data */ 1260 NULL /* app_data */
1257}; 1261};
1258 1262
1259/* 1263/*
1260 * ctrl right now is just a wrapper that doesn't do much 1264 * ctrl right now is just a wrapper that doesn't do much
1261 * but I expect we'll want some options soon. 1265 * but I expect we'll want some options soon.
1262 */ 1266 */
1263static int 1267static int
1264cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) 1268cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
1265{ 1269{
1266#ifdef HAVE_SYSLOG_R 1270#ifdef HAVE_SYSLOG_R
1267 struct syslog_data sd = SYSLOG_DATA_INIT; 1271 struct syslog_data sd = SYSLOG_DATA_INIT;
1268#endif 1272#endif
1269 1273
1270 switch (cmd) { 1274 switch (cmd) {
1271 default: 1275 default:
1272#ifdef HAVE_SYSLOG_R 1276#ifdef HAVE_SYSLOG_R
1273 syslog_r(LOG_ERR, &sd, 1277 syslog_r(LOG_ERR, &sd,
1274 "cryptodev_ctrl: unknown command %d", cmd); 1278 "cryptodev_ctrl: unknown command %d", cmd);
1275#else 1279#else
1276 syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); 1280 syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
1277#endif 1281#endif
cvs diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/crypto/lhash/Attic/lhash.h (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/lhash/Attic/lhash.h 2009/07/19 23:30:40 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/lhash/Attic/lhash.h 2009/08/05 18:38:21 1.3
@@ -220,22 +220,22 @@ void lh_node_usage_stats_bio(const _LHAS @@ -220,22 +220,22 @@ void lh_node_usage_stats_bio(const _LHAS
220#define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn) 220#define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn)
221#define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \ 221#define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \
222 lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg)) 222 lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg))
223#define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh)) 223#define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh))
224#define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load) 224#define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load)
225#define LHM_lh_node_stats_bio(type, lh, out) \ 225#define LHM_lh_node_stats_bio(type, lh, out) \
226 lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out) 226 lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out)
227#define LHM_lh_node_usage_stats_bio(type, lh, out) \ 227#define LHM_lh_node_usage_stats_bio(type, lh, out) \
228 lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out) 228 lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out)
229#define LHM_lh_stats_bio(type, lh, out) \ 229#define LHM_lh_stats_bio(type, lh, out) \
230 lh_stats_bio(CHECKED_LHASH_OF(type, lh), out) 230 lh_stats_bio(CHECKED_LHASH_OF(type, lh), out)
231#define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh)) 231#define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh))
232 232
233DECLARE_LHASH_OF(STRING); 233DECLARE_LHASH_OF(OPENSSL_STRING);
234DECLARE_LHASH_OF(CSTRING); 234DECLARE_LHASH_OF(OPENSSL_CSTRING);
235 235
236#ifdef __cplusplus 236#ifdef __cplusplus
237} 237}
238#endif 238#endif
239 239
240#endif 240#endif
241 241
cvs diff -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_pkt.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_pkt.c 2009/07/19 23:30:42 1.2
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_pkt.c 2009/08/05 18:38:22 1.3
@@ -150,82 +150,90 @@ int ssl3_read_n(SSL *s, int n, int max,  @@ -150,82 +150,90 @@ int ssl3_read_n(SSL *s, int n, int max,
150 if (!extend) 150 if (!extend)
151 { 151 {
152 /* start with empty packet ... */ 152 /* start with empty packet ... */
153 if (left == 0) 153 if (left == 0)
154 rb->offset = align; 154 rb->offset = align;
155 else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) 155 else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH)
156 { 156 {
157 /* check if next packet length is large 157 /* check if next packet length is large
158 * enough to justify payload alignment... */ 158 * enough to justify payload alignment... */
159 pkt = rb->buf + rb->offset; 159 pkt = rb->buf + rb->offset;
160 if (pkt[0] == SSL3_RT_APPLICATION_DATA 160 if (pkt[0] == SSL3_RT_APPLICATION_DATA
161 && (pkt[3]<<8|pkt[4]) >= 128) 161 && (pkt[3]<<8|pkt[4]) >= 128)
162 { 162 {
163 /* Note that even if packet is corrupted 163 /* Note that even if packet is corrupted
164 * and its length field is insane, we can 164 * and its length field is insane, we can
165 * only be led to wrong decision about 165 * only be led to wrong decision about
166 * whether memmove will occur or not. 166 * whether memmove will occur or not.
167 * Header values has no effect on memmove 167 * Header values has no effect on memmove
168 * arguments and therefore no buffer 168 * arguments and therefore no buffer
169 * overrun can be triggered. */ 169 * overrun can be triggered. */
170 memmove (rb->buf+align,pkt,left); 170 memmove (rb->buf+align,pkt,left);
171 rb->offset = align; 171 rb->offset = align;
172 } 172 }
173 } 173 }
174 s->packet = rb->buf + rb->offset; 174 s->packet = rb->buf + rb->offset;
175 s->packet_length = 0; 175 s->packet_length = 0;
176 /* ... now we can act as if 'extend' was set */ 176 /* ... now we can act as if 'extend' was set */
177 } 177 }
178 178
179 /* extend reads should not span multiple packets for DTLS */ 179 /* For DTLS/UDP reads should not span multiple packets
180 if ( (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 180 * because the read operation returns the whole packet
181 && extend) 181 * at once (as long as it fits into the buffer). */
 182 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
182 { 183 {
183 if ( left > 0 && n > left) 184 if (left > 0 && n > left)
184 n = left; 185 n = left;
185 } 186 }
186 187
187 /* if there is enough in the buffer from a previous read, take some */ 188 /* if there is enough in the buffer from a previous read, take some */
188 if (left >= n) 189 if (left >= n)
189 { 190 {
190 s->packet_length+=n; 191 s->packet_length+=n;
191 rb->left=left-n; 192 rb->left=left-n;
192 rb->offset+=n; 193 rb->offset+=n;
193 return(n); 194 return(n);
194 } 195 }
195 196
196 /* else we need to read more data */ 197 /* else we need to read more data */
197 198
198 len = s->packet_length; 199 len = s->packet_length;
199 pkt = rb->buf+align; 200 pkt = rb->buf+align;
200 /* Move any available bytes to front of buffer: 201 /* Move any available bytes to front of buffer:
201 * 'len' bytes already pointed to by 'packet', 202 * 'len' bytes already pointed to by 'packet',
202 * 'left' extra ones at the end */ 203 * 'left' extra ones at the end */
203 if (s->packet != pkt) /* len > 0 */ 204 if (s->packet != pkt) /* len > 0 */
204 { 205 {
205 memmove(pkt, s->packet, len+left); 206 memmove(pkt, s->packet, len+left);
206 s->packet = pkt; 207 s->packet = pkt;
207 rb->offset = len + align; 208 rb->offset = len + align;
208 } 209 }
209 210
210 max = rb->len - rb->offset; 211 if (n > (int)(rb->len - rb->offset)) /* does not happen */
211 if (n > max) /* does not happen */ 
212 { 212 {
213 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); 213 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
214 return -1; 214 return -1;
215 } 215 }
216 216
217 if (!s->read_ahead) 217 if (!s->read_ahead)
218 max=n; 218 /* ignore max parameter */
 219 max = n;
 220 else
 221 {
 222 if (max < n)
 223 max = n;
 224 if (max > (int)(rb->len - rb->offset))
 225 max = rb->len - rb->offset;
 226 }
219 227
220 while (left < n) 228 while (left < n)
221 { 229 {
222 /* Now we have len+left bytes at the front of s->s3->rbuf.buf 230 /* Now we have len+left bytes at the front of s->s3->rbuf.buf
223 * and need to read in more until we have len+n (up to 231 * and need to read in more until we have len+n (up to
224 * len+max if possible) */ 232 * len+max if possible) */
225 233
226 clear_sys_error(); 234 clear_sys_error();
227 if (s->rbio != NULL) 235 if (s->rbio != NULL)
228 { 236 {
229 s->rwstate=SSL_READING; 237 s->rwstate=SSL_READING;
230 i=BIO_read(s->rbio,pkt+len+left, max-left); 238 i=BIO_read(s->rbio,pkt+len+left, max-left);
231 } 239 }
@@ -234,26 +242,34 @@ int ssl3_read_n(SSL *s, int n, int max,  @@ -234,26 +242,34 @@ int ssl3_read_n(SSL *s, int n, int max,
234 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); 242 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
235 i = -1; 243 i = -1;
236 } 244 }
237 245
238 if (i <= 0) 246 if (i <= 0)
239 { 247 {
240 rb->left = left; 248 rb->left = left;
241 if (s->mode & SSL_MODE_RELEASE_BUFFERS) 249 if (s->mode & SSL_MODE_RELEASE_BUFFERS)
242 if (len+left == 0) 250 if (len+left == 0)
243 ssl3_release_read_buffer(s); 251 ssl3_release_read_buffer(s);
244 return(i); 252 return(i);
245 } 253 }
246 left+=i; 254 left+=i;
 255 /* reads should *never* span multiple packets for DTLS because
 256 * the underlying transport protocol is message oriented as opposed
 257 * to byte oriented as in the TLS case. */
 258 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
 259 {
 260 if (n > left)
 261 n = left; /* makes the while condition false */
 262 }
247 } 263 }
248 264
249 /* done reading, now the book-keeping */ 265 /* done reading, now the book-keeping */
250 rb->offset += n; 266 rb->offset += n;
251 rb->left = left - n; 267 rb->left = left - n;
252 s->packet_length += n; 268 s->packet_length += n;
253 s->rwstate=SSL_NOTHING; 269 s->rwstate=SSL_NOTHING;
254 return(n); 270 return(n);
255 } 271 }
256 272
257/* Call this to get a new input record. 273/* Call this to get a new input record.
258 * It will return <= 0 if more data is needed, normally due to an error 274 * It will return <= 0 if more data is needed, normally due to an error
259 * or non-blocking IO. 275 * or non-blocking IO.