generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge in changes from 0.9.6-stable. This should definitely be done a

Browse Source 
little more often.
This commit is contained in:
Richard Levitte
2002-03-30 23:36:17 +00:00
parent ff0a0c46a7
commit c14688ec73
20 changed files with 120 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
CHANGES
View File

@@ -4,6 +4,29 @@
Changes between 0.9.6c and 0.9.6d [XX xxx XXXX] Changes between 0.9.6c and 0.9.6d [XX xxx XXXX]
*) Fix DH_generate_parameters() so that it works for 'non-standard'
generators, i.e. generators other than 2 and 5. (Previously, the
code did not properly initialise the 'add' and 'rem' values to
BN_generate_prime().)
In the new general case, we do not insist that 'generator' is
actually a primitive root: This requirement is rather pointless;
a generator of the order-q subgroup is just as good, if not
better.
[Bodo Moeller]
*) Map new X509 verification errors to alerts. Discovered and submitted by
Tom Wu <tom@arcot.com>.
[Lutz Jaenicke]
*) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
returning non-zero before the data has been completely received
when using non-blocking I/O.
[Bodo Moeller; problem pointed out by John Hughes]
*) Some of the ciphers missed the strength entry (SSL_LOW etc).
[Ben Laurie, Lutz Jaenicke]
*) Fix bug in SSL_clear(): bad sessions were not removed (found by *) Fix bug in SSL_clear(): bad sessions were not removed (found by
Yoram Zahavi <YoramZ@gilian.com>). Yoram Zahavi <YoramZ@gilian.com>).
[Lutz Jaenicke] [Lutz Jaenicke]

7
Configure
View File

@@ -406,7 +406,7 @@ my %table=(
"aix43-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:", "aix43-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
# #
# Cray T90 (SDSC) # Cray T90 and similar (SDSC)
# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT # It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
# defined. The T90 ints and longs are 8 bytes long, and apparently the # defined. The T90 ints and longs are 8 bytes long, and apparently the
# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and # B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and
@@ -416,7 +416,10 @@ my %table=(
#'Taking the address of a bit field is not allowed. ' #'Taking the address of a bit field is not allowed. '
#'An expression with bit field exists as the operand of "sizeof" ' #'An expression with bit field exists as the operand of "sizeof" '
# (written by Wayne Schroeder <schroede@SDSC.EDU>) # (written by Wayne Schroeder <schroede@SDSC.EDU>)
"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::", #
# j90 is considered the base machine type for unicos machines,
# so this configuration is now called "cray-j90" ...
"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
# #
# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov) # Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)

5
INSTALL
View File

@@ -272,6 +272,11 @@
Note on shared libraries Note on shared libraries
------------------------ ------------------------
Shared library is currently an experimental feature. The only reason to
have them would be to conserve memory on systems where several program
are using OpenSSL. Binary backward compatibility can't be guaranteed
before OpenSSL version 1.0.
For some systems, the OpenSSL Configure script knows what is needed to For some systems, the OpenSSL Configure script knows what is needed to
build shared libraries for libcrypto and libssl. On these systems, build shared libraries for libcrypto and libssl. On these systems,
the shared libraries are currently not created by default, but giving the shared libraries are currently not created by default, but giving

2
INSTALL.W32
View File

@@ -81,7 +81,7 @@
There are various changes you can make to the Win32 compile environment. By There are various changes you can make to the Win32 compile environment. By
default the library is not compiled with debugging symbols. If you add 'debug' default the library is not compiled with debugging symbols. If you add 'debug'
to the mk1mk.pl lines in the do_* batch file then debugging symbols will be to the mk1mf.pl lines in the do_* batch file then debugging symbols will be
compiled in. compiled in.
The default Win32 environment is to leave out any Windows NT specific The default Win32 environment is to leave out any Windows NT specific

2
LICENSE
View File

@@ -12,7 +12,7 @@
--------------- ---------------
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions

8
TABLE
View File

@@ -1035,13 +1035,13 @@ $shared_ldflag =
$shared_extension = $shared_extension =
$ranlib = $ranlib =
*** cray-t3e *** cray-j90
$cc = cc $cc = cc
$cflags = -DBIT_FIELD_LIMITS -DTERMIOS $cflags = -DBIT_FIELD_LIMITS -DTERMIOS
$unistd = $unistd =
$thread_cflag = (unknown) $thread_cflag = (unknown)
$lflags = $lflags =
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT $bn_ops = SIXTY_FOUR_BIT_LONG DES_INT
$bn_obj = $bn_obj =
$des_obj = $des_obj =
$bf_obj = $bf_obj =
@@ -1058,13 +1058,13 @@ $shared_ldflag =
$shared_extension = $shared_extension =
$ranlib = $ranlib =
*** cray-t90-cc *** cray-t3e
$cc = cc $cc = cc
$cflags = -DBIT_FIELD_LIMITS -DTERMIOS $cflags = -DBIT_FIELD_LIMITS -DTERMIOS
$unistd = $unistd =
$thread_cflag = (unknown) $thread_cflag = (unknown)
$lflags = $lflags =
$bn_ops = SIXTY_FOUR_BIT_LONG DES_INT $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT
$bn_obj = $bn_obj =
$des_obj = $des_obj =
$bf_obj = $bf_obj =

9
config
View File

@@ -310,6 +310,13 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
exit 0 exit 0
;; ;;
*"CRAY T3E")
echo "t3e-cray-unicosmk"; exit 0;
;;
*CRAY*)
echo "j90-cray-unicos"; exit 0;
;;
esac esac
# #
@@ -591,6 +598,8 @@ EOF
mips-sony-newsos4) OUT="newsos4-gcc" ;; mips-sony-newsos4) OUT="newsos4-gcc" ;;
*-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;; *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
*-*-cygwin) OUT="Cygwin" ;; *-*-cygwin) OUT="Cygwin" ;;
t3e-cray-unicosmk) OUT="cray-t3e" ;;
j90-cray-unicos) OUT="cray-j90" ;;
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;; *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac esac

2
crypto/Makefile.ssl
View File

@@ -6,7 +6,7 @@ DIR= crypto
TOP= .. TOP= ..
CC= cc CC= cc
INCLUDE= -I. -I../include INCLUDE= -I. -I../include
INCLUDES= -I.. -I../../include INCLUDES= -I.. -I../.. -I../../include
CFLAG= -g CFLAG= -g
INSTALL_PREFIX= INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl OPENSSLDIR= /usr/local/ssl

4
crypto/bio/b_sock.c
View File

@@ -72,9 +72,9 @@
#endif #endif
#ifdef SO_MAXCONN #ifdef SO_MAXCONN
#define MAX_LISTEN SOMAXCONN
#elif defined(SO_MAXCONN)
#define MAX_LISTEN SO_MAXCONN #define MAX_LISTEN SO_MAXCONN
#elif defined(SOMAXCONN)
#define MAX_LISTEN SOMAXCONN
#else #else
#define MAX_LISTEN 32 #define MAX_LISTEN 32
#endif #endif

2
crypto/conf/Makefile.ssl
View File

@@ -5,7 +5,7 @@
DIR= conf DIR= conf
TOP= ../.. TOP= ../..
CC= cc CC= cc
INCLUDES= -I.. -I../../include INCLUDES= -I.. -I../.. -I../../include
CFLAG=-g CFLAG=-g
INSTALL_PREFIX= INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl OPENSSLDIR= /usr/local/ssl

1
crypto/conf/conf_api.c
View File

@@ -67,6 +67,7 @@
#include <string.h> #include <string.h>
#include <openssl/conf.h> #include <openssl/conf.h>
#include <openssl/conf_api.h> #include <openssl/conf_api.h>
#include "e_os.h"
static void value_free_hash(CONF_VALUE *a, LHASH *conf); static void value_free_hash(CONF_VALUE *a, LHASH *conf);
static void value_free_stack(CONF_VALUE *a,LHASH *conf); static void value_free_stack(CONF_VALUE *a,LHASH *conf);

1
crypto/dh/dh.h
View File

@@ -204,6 +204,7 @@ void ERR_load_DH_strings(void);
#define DH_F_DH_NEW 105 #define DH_F_DH_NEW 105
/* Reason codes. */ /* Reason codes. */
#define DH_R_BAD_GENERATOR 101
#define DH_R_NO_PRIVATE_VALUE 100 #define DH_R_NO_PRIVATE_VALUE 100
#ifdef __cplusplus #ifdef __cplusplus

3
crypto/dh/dh_err.c
View File

@@ -1,6 +1,6 @@
/* crypto/dh/dh_err.c */ /* crypto/dh/dh_err.c */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -77,6 +77,7 @@ static ERR_STRING_DATA DH_str_functs[]=
static ERR_STRING_DATA DH_str_reasons[]= static ERR_STRING_DATA DH_str_reasons[]=
{ {
{DH_R_BAD_GENERATOR ,"bad generator"},
{DH_R_NO_PRIVATE_VALUE ,"no private value"}, {DH_R_NO_PRIVATE_VALUE ,"no private value"},
{0,NULL} {0,NULL}
}; };

32
crypto/dh/dh_gen.c
View File

@@ -82,7 +82,10 @@
* Since DH should be using a safe prime (both p and q are prime), * Since DH should be using a safe prime (both p and q are prime),
* this generator function can take a very very long time to run. * this generator function can take a very very long time to run.
*/ */
/* Actually there is no reason to insist that 'generator' be a generator.
* It's just as OK (and in some sense better) to use a generator of the
* order-q subgroup.
*/
DH *DH_generate_parameters(int prime_len, int generator, DH *DH_generate_parameters(int prime_len, int generator,
void (*callback)(int,int,void *), void *cb_arg) void (*callback)(int,int,void *), void *cb_arg)
{ {
@@ -100,30 +103,43 @@ DH *DH_generate_parameters(int prime_len, int generator,
t2 = BN_CTX_get(ctx); t2 = BN_CTX_get(ctx);
if (t1 == NULL || t2 == NULL) goto err; if (t1 == NULL || t2 == NULL) goto err;
if (generator <= 1)
{
DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
goto err;
}
if (generator == DH_GENERATOR_2) if (generator == DH_GENERATOR_2)
{ {
BN_set_word(t1,24); if (!BN_set_word(t1,24)) goto err;
BN_set_word(t2,11); if (!BN_set_word(t2,11)) goto err;
g=2; g=2;
} }
#ifdef undef /* does not work for safe primes */ #if 0 /* does not work for safe primes */
else if (generator == DH_GENERATOR_3) else if (generator == DH_GENERATOR_3)
{ {
BN_set_word(t1,12); if (!BN_set_word(t1,12)) goto err;
BN_set_word(t2,5); if (!BN_set_word(t2,5)) goto err;
g=3; g=3;
} }
#endif #endif
else if (generator == DH_GENERATOR_5) else if (generator == DH_GENERATOR_5)
{ {
BN_set_word(t1,10); if (!BN_set_word(t1,10)) goto err;
BN_set_word(t2,3); if (!BN_set_word(t2,3)) goto err;
/* BN_set_word(t3,7); just have to miss /* BN_set_word(t3,7); just have to miss
* out on these ones :-( */ * out on these ones :-( */
g=5; g=5;
} }
else else
{
/* in the general case, don't worry if 'generator' is a
* generator or not: since we are using safe primes,
* it will generate either an order-q or an order-2q group,
* which both is OK */
if (!BN_set_word(t1,2)) goto err;
if (!BN_set_word(t2,1)) goto err;
g=generator; g=generator;
}
p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg); p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
if (p == NULL) goto err; if (p == NULL) goto err;

13
crypto/dh/dhtest.c
View File

@@ -66,6 +66,7 @@
#include <openssl/bio.h> #include <openssl/bio.h>
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/err.h>
#ifdef NO_DH #ifdef NO_DH
int main(int argc, char *argv[]) int main(int argc, char *argv[])
@@ -112,6 +113,16 @@ int main(int argc, char *argv[])
a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
if (a == NULL) goto err; if (a == NULL) goto err;
if (!DH_check(a, &i)) goto err;
if (i & DH_CHECK_P_NOT_PRIME)
BIO_puts(out, "p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
BIO_puts(out, "p value is not a safe prime\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
BIO_puts(out, "unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
BIO_puts(out, "the g value is not a generator\n");
BIO_puts(out,"\np ="); BIO_puts(out,"\np =");
BN_print(out,a->p); BN_print(out,a->p);
BIO_puts(out,"\ng ="); BIO_puts(out,"\ng =");
@@ -170,6 +181,8 @@ int main(int argc, char *argv[])
else else
ret=0; ret=0;
err: err:
ERR_print_errors_fp(stderr);
if (abuf != NULL) OPENSSL_free(abuf); if (abuf != NULL) OPENSSL_free(abuf);
if (bbuf != NULL) OPENSSL_free(bbuf); if (bbuf != NULL) OPENSSL_free(bbuf);
if(b != NULL) DH_free(b); if(b != NULL) DH_free(b);

1
crypto/lhash/lh_test.c
View File

@@ -75,7 +75,6 @@ main()
buf[0]='\0'; buf[0]='\0';
fgets(buf,256,stdin); fgets(buf,256,stdin);
if (buf[0] == '\0') break; if (buf[0] == '\0') break;
buf[256]='\0';
i=strlen(buf); i=strlen(buf);
p=OPENSSL_malloc(i+1); p=OPENSSL_malloc(i+1);
memcpy(p,buf,i+1); memcpy(p,buf,i+1);

2
demos/maurice/example1.c
View File

@@ -72,7 +72,7 @@ void main_encrypt(void)
pubKey[0] = ReadPublicKey(PUBFILE); pubKey[0] = ReadPublicKey(PUBFILE);
if(!pubKey) if(!pubKey[0])
{ {
fprintf(stderr,"Error: can't load public key"); fprintf(stderr,"Error: can't load public key");
exit(1); exit(1);

7
ssl/s3_both.c
View File

@@ -528,6 +528,8 @@ int ssl_verify_alarm_type(long type)
case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_CRL_NOT_YET_VALID: case X509_V_ERR_CRL_NOT_YET_VALID:
case X509_V_ERR_CERT_UNTRUSTED:
case X509_V_ERR_CERT_REJECTED:
al=SSL_AD_BAD_CERTIFICATE; al=SSL_AD_BAD_CERTIFICATE;
break; break;
case X509_V_ERR_CERT_SIGNATURE_FAILURE: case X509_V_ERR_CERT_SIGNATURE_FAILURE:
@@ -549,11 +551,16 @@ int ssl_verify_alarm_type(long type)
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
case X509_V_ERR_CERT_CHAIN_TOO_LONG: case X509_V_ERR_CERT_CHAIN_TOO_LONG:
case X509_V_ERR_PATH_LENGTH_EXCEEDED:
case X509_V_ERR_INVALID_CA:
al=SSL_AD_UNKNOWN_CA; al=SSL_AD_UNKNOWN_CA;
break; break;
case X509_V_ERR_APPLICATION_VERIFICATION: case X509_V_ERR_APPLICATION_VERIFICATION:
al=SSL_AD_HANDSHAKE_FAILURE; al=SSL_AD_HANDSHAKE_FAILURE;
break; break;
case X509_V_ERR_INVALID_PURPOSE:
al=SSL_AD_UNSUPPORTED_CERTIFICATE;
break;
default: default:
al=SSL_AD_CERTIFICATE_UNKNOWN; al=SSL_AD_CERTIFICATE_UNKNOWN;
break; break;

15
ssl/s3_lib.c
View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -170,7 +170,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_ADH_RC4_128_MD5, SSL3_TXT_ADH_RC4_128_MD5,
SSL3_CK_ADH_RC4_128_MD5, SSL3_CK_ADH_RC4_128_MD5,
SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
SSL_NOT_EXP, SSL_NOT_EXP|SSL_MEDIUM,
0, 0,
128, 128,
128, 128,
@@ -196,7 +196,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_ADH_DES_64_CBC_SHA, SSL3_TXT_ADH_DES_64_CBC_SHA,
SSL3_CK_ADH_DES_64_CBC_SHA, SSL3_CK_ADH_DES_64_CBC_SHA,
SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
SSL_NOT_EXP, SSL_NOT_EXP|SSL_LOW,
0, 0,
56, 56,
56, 56,
@@ -209,7 +209,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_ADH_DES_192_CBC_SHA, SSL3_TXT_ADH_DES_192_CBC_SHA,
SSL3_CK_ADH_DES_192_CBC_SHA, SSL3_CK_ADH_DES_192_CBC_SHA,
SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
SSL_NOT_EXP, SSL_NOT_EXP|SSL_HIGH,
0, 0,
168, 168,
168, 168,
@@ -518,7 +518,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_FZA_DMS_RC4_SHA, SSL3_TXT_FZA_DMS_RC4_SHA,
SSL3_CK_FZA_DMS_RC4_SHA, SSL3_CK_FZA_DMS_RC4_SHA,
SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3, SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3,
SSL_NOT_EXP, SSL_NOT_EXP|SSL_MEDIUM,
0, 0,
128, 128,
128, 128,
@@ -612,7 +612,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP, SSL_NOT_EXP|SSL_MEDIUM,
0, 0,
128, 128,
128, 128,
@@ -693,6 +693,9 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u)
int ssl3_pending(SSL *s) int ssl3_pending(SSL *s)
{ {
if (s->rstate == SSL_ST_READ_BODY)
return 0;
return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
} }

13
ssl/ssltest.c
View File

@@ -848,10 +848,10 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
if (num > 1) if (num > 1)
--num; /* test restartability even more thoroughly */ --num; /* test restartability even more thoroughly */
r = BIO_nwrite(io1, &dataptr, (int)num); r = BIO_nwrite0(io1, &dataptr);
assert(r > 0); assert(r > 0);
assert(r <= (int)num); if (r < num)
num = r; num = r;
r = BIO_read(io2, dataptr, (int)num); r = BIO_read(io2, dataptr, (int)num);
if (r != (int)num) /* can't happen */ if (r != (int)num) /* can't happen */
{ {
@@ -860,6 +860,13 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
goto err; goto err;
} }
progress = 1; progress = 1;
r = BIO_nwrite(io1, &dataptr, (int)num);
if (r != (int)num) /* can't happen */
{
fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
"BIO_nwrite0() bytes");
goto err;
}
if (debug) if (debug)
printf((io2 == client_io) ? printf((io2 == client_io) ?