src - FreeBSD source tree

diff options


context:
space:
mode:

author	Kris Kennaway <kris@FreeBSD.org>	2001-02-18 03:23:30 +0000
committer	Kris Kennaway <kris@FreeBSD.org>	2001-02-18 03:23:30 +0000
commit	b64f39b6554a7954f23be06c7af6b9fd494926f8 (patch)
tree	8f8fd3d11136a30f69307944a54b21a7792150e8 /crypto
parent	a991678294c0cf780177289c017ae11f17a15d8e (diff)
download	src-b64f39b6554a7954f23be06c7af6b9fd494926f8.tar.gz src-b64f39b6554a7954f23be06c7af6b9fd494926f8.zip

Resolve conflicts

Notes

Notes: svn path=/head/; revision=72616

Diffstat (limited to 'crypto')

-rw-r--r--

crypto/openssl/crypto/evp/evp.h

-rw-r--r--

crypto/openssl/crypto/idea/Makefile.ssl

-rw-r--r--

crypto/openssl/crypto/rsa/rsa_eay.c

101

-rw-r--r--

crypto/openssl/ssl/s2_clnt.c

-rw-r--r--

crypto/openssl/ssl/s2_lib.c

-rw-r--r--

crypto/openssl/ssl/s2_pkt.c

168

6 files changed, 247 insertions, 72 deletions

diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h
index d224551884ad..b7820bea1c61 100644
--- a/crypto/openssl/crypto/evp/evp.h
+++ b/crypto/openssl/crypto/evp/evp.h

@@ -465,12 +465,20 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,

ASN1_TYPE *param, EVP_CIPHER *cipher,

EVP_MD *md, int en_de);

+#ifndef NO_RSA

#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\

(char *)(rsa))

+#endif

+#ifndef NO_DSA

#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\

(char *)(dsa))

+#endif

+#ifndef NO_DH

#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\

(char *)(dh))

+#endif

/* Add some extra combinations */

#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))

@@ -614,17 +622,29 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,

#endif

EVP_MD *EVP_md_null(void);

+#ifndef NO_MD2

EVP_MD *EVP_md2(void);

+#endif

+#ifndef NO_MD4

EVP_MD *EVP_md4(void);

+#endif

+#ifndef NO_MD5

EVP_MD *EVP_md5(void);

+#endif

+#ifndef NO_SHA

EVP_MD *EVP_sha(void);

EVP_MD *EVP_sha1(void);

EVP_MD *EVP_dss(void);

EVP_MD *EVP_dss1(void);

+#endif

+#ifndef NO_MDC2

EVP_MD *EVP_mdc2(void);

+#endif

+#ifndef NO_RIPEMD

EVP_MD *EVP_ripemd160(void);

+#endif

EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */

+#ifndef NO_DES

EVP_CIPHER *EVP_des_ecb(void);

EVP_CIPHER *EVP_des_ede(void);

EVP_CIPHER *EVP_des_ede3(void);

@@ -638,31 +658,43 @@ EVP_CIPHER *EVP_des_cbc(void);

EVP_CIPHER *EVP_des_ede_cbc(void);

EVP_CIPHER *EVP_des_ede3_cbc(void);

EVP_CIPHER *EVP_desx_cbc(void);

+#endif

+#ifndef NO_RC4

EVP_CIPHER *EVP_rc4(void);

EVP_CIPHER *EVP_rc4_40(void);

+#endif

+#ifndef NO_IDEA

EVP_CIPHER *EVP_idea_ecb(void);

EVP_CIPHER *EVP_idea_cfb(void);

EVP_CIPHER *EVP_idea_ofb(void);

EVP_CIPHER *EVP_idea_cbc(void);

+#endif

+#ifndef NO_RC2

EVP_CIPHER *EVP_rc2_ecb(void);

EVP_CIPHER *EVP_rc2_cbc(void);

EVP_CIPHER *EVP_rc2_40_cbc(void);

EVP_CIPHER *EVP_rc2_64_cbc(void);

EVP_CIPHER *EVP_rc2_cfb(void);

EVP_CIPHER *EVP_rc2_ofb(void);

+#endif

+#ifndef NO_BF

EVP_CIPHER *EVP_bf_ecb(void);

EVP_CIPHER *EVP_bf_cbc(void);

EVP_CIPHER *EVP_bf_cfb(void);

EVP_CIPHER *EVP_bf_ofb(void);

+#endif

+#ifndef NO_CAST

EVP_CIPHER *EVP_cast5_ecb(void);

EVP_CIPHER *EVP_cast5_cbc(void);

EVP_CIPHER *EVP_cast5_cfb(void);

EVP_CIPHER *EVP_cast5_ofb(void);

+#endif

+#ifndef NO_RC5

EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);

EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);

EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);

EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);

+#endif

void OpenSSL_add_all_algorithms(void);

void OpenSSL_add_all_ciphers(void);

void OpenSSL_add_all_digests(void);

diff --git a/crypto/openssl/crypto/idea/Makefile.ssl b/crypto/openssl/crypto/idea/Makefile.ssl
index ac32f1348131..8923d7d066ca 100644
--- a/crypto/openssl/crypto/idea/Makefile.ssl
+++ b/crypto/openssl/crypto/idea/Makefile.ssl

@@ -40,7 +40,8 @@ all: lib

lib: $(LIBOBJ)

$(AR) $(LIB) $(LIBOBJ)

- $(RANLIB) $(LIB)

+ @echo You may get an error following this line. Please ignore.

+ - $(RANLIB) $(LIB)

@touch lib

files:

diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c
index 816211741203..d9b4fbb176f3 100644
--- a/crypto/openssl/crypto/rsa/rsa_eay.c
+++ b/crypto/openssl/crypto/rsa/rsa_eay.c

@@ -139,11 +139,28 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from,

if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))

{

- if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)

- if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))

- goto err;

+ BN_MONT_CTX* bn_mont_ctx;

+ if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)

+ goto err;

+ if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))

+ {

+ BN_MONT_CTX_free(bn_mont_ctx);

+ goto err;

+ }

+ if (rsa->_method_mod_n == NULL) /* other thread may have finished first */

+ {

+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);

+ if (rsa->_method_mod_n == NULL)

+ {

+ rsa->_method_mod_n = bn_mont_ctx;

+ bn_mont_ctx = NULL;

+ }

+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);

+ }

+ if (bn_mont_ctx)

+ BN_MONT_CTX_free(bn_mont_ctx);

}

if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,

rsa->_method_mod_n)) goto err;

@@ -370,11 +387,28 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from,

/* do the decrypt */

if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))

{

- if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)

- if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))

- goto err;

+ BN_MONT_CTX* bn_mont_ctx;

+ if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)

+ goto err;

+ if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))

+ {

+ BN_MONT_CTX_free(bn_mont_ctx);

+ goto err;

+ }

+ if (rsa->_method_mod_n == NULL) /* other thread may have finished first */

+ {

+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);

+ if (rsa->_method_mod_n == NULL)

+ {

+ rsa->_method_mod_n = bn_mont_ctx;

+ bn_mont_ctx = NULL;

+ }

+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);

+ }

+ if (bn_mont_ctx)

+ BN_MONT_CTX_free(bn_mont_ctx);

}

if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,

rsa->_method_mod_n)) goto err;

@@ -422,20 +456,53 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)

{

if (rsa->_method_mod_p == NULL)

{

- if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL)

- if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p,

- ctx))

- goto err;

+ BN_MONT_CTX* bn_mont_ctx;

+ if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)

+ goto err;

+ if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))

+ {

+ BN_MONT_CTX_free(bn_mont_ctx);

+ goto err;

+ }

+ if (rsa->_method_mod_p == NULL) /* other thread may have finished first */

+ {

+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);

+ if (rsa->_method_mod_p == NULL)

+ {

+ rsa->_method_mod_p = bn_mont_ctx;

+ bn_mont_ctx = NULL;

+ }

+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);

+ }

+ if (bn_mont_ctx)

+ BN_MONT_CTX_free(bn_mont_ctx);

}

if (rsa->_method_mod_q == NULL)

{

- if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL)

- if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q,

- ctx))

- goto err;

+ BN_MONT_CTX* bn_mont_ctx;

+ if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)

+ goto err;

+ if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))

+ {

+ BN_MONT_CTX_free(bn_mont_ctx);

+ goto err;

+ }

+ if (rsa->_method_mod_q == NULL) /* other thread may have finished first */

+ {

+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);

+ if (rsa->_method_mod_q == NULL)

+ {

+ rsa->_method_mod_q = bn_mont_ctx;

+ bn_mont_ctx = NULL;

+ }

+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);

+ }

+ if (bn_mont_ctx)

+ BN_MONT_CTX_free(bn_mont_ctx);

}

if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;

if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,

rsa->_method_mod_q)) goto err;

diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c
index e448a60ae4f5..3ddc23196c0f 100644
--- a/crypto/openssl/ssl/s2_clnt.c
+++ b/crypto/openssl/ssl/s2_clnt.c

@@ -923,6 +923,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)

goto err;

}

ERR_clear_error(); /* but we keep s->verify_result */

+ s->session->verify_result = s->verify_result;

/* server's cert for this session */

sc=ssl_sess_cert_new();

diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c
index c64c8d89c5e0..a524daba4c1f 100644
--- a/crypto/openssl/ssl/s2_lib.c
+++ b/crypto/openssl/ssl/s2_lib.c

@@ -262,7 +262,7 @@ SSL_CIPHER *ssl2_get_cipher(unsigned int u)

int ssl2_pending(SSL *s)

{

- return(s->s2->ract_data_length);

+ return SSL_in_init(s) ? 0 : s->s2->ract_data_length;

}

int ssl2_new(SSL *s)

@@ -272,10 +272,16 @@ int ssl2_new(SSL *s)

if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;

memset(s2,0,sizeof *s2);

+#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2

+# error "assertion failed"

+#endif

if ((s2->rbuf=OPENSSL_malloc(

SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;

+ /* wbuf needs one byte more because when using two-byte headers,

+ * we leave the first byte unused in do_ssl_write (s2_pkt.c) */

if ((s2->wbuf=OPENSSL_malloc(

- SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;

+ SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;

s->s2=s2;

ssl2_clear(s);

diff --git a/crypto/openssl/ssl/s2_pkt.c b/crypto/openssl/ssl/s2_pkt.c
index 7eb46732656c..4e752a25e161 100644
--- a/crypto/openssl/ssl/s2_pkt.c
+++ b/crypto/openssl/ssl/s2_pkt.c

@@ -54,6 +54,58 @@

* derivative of this code cannot be changed. i.e. this code cannot simply be

* copied and put under another distribution licence

* [including the GNU Public Licence.]

+ */

+/* ====================================================================

+ *

+ * Redistribution and use in source and binary forms, with or without

+ * modification, are permitted provided that the following conditions

+ * are met:

+ *

+ * 1. Redistributions of source code must retain the above copyright

+ * notice, this list of conditions and the following disclaimer.

+ *

+ * 2. Redistributions in binary form must reproduce the above copyright

+ * notice, this list of conditions and the following disclaimer in

+ * the documentation and/or other materials provided with the

+ * distribution.

+ *

+ * 3. All advertising materials mentioning features or use of this

+ * software must display the following acknowledgment:

+ * "This product includes software developed by the OpenSSL Project

+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

+ *

+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

+ * endorse or promote products derived from this software without

+ * prior written permission. For written permission, please contact

+ * openssl-core@openssl.org.

+ *

+ * 5. Products derived from this software may not be called "OpenSSL"

+ * nor may "OpenSSL" appear in their names without prior written

+ * permission of the OpenSSL Project.

+ *

+ * 6. Redistributions of any form whatsoever must retain the following

+ * acknowledgment:

+ * "This product includes software developed by the OpenSSL Project

+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"

+ *

+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR

+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

+ * OF THE POSSIBILITY OF SUCH DAMAGE.

+ * ====================================================================

+ *

+ * This product includes cryptographic software written by Eric Young

+ * (eay@cryptsoft.com). This product includes software written by Tim

+ * Hudson (tjh@cryptsoft.com).

* $FreeBSD$

@@ -68,23 +120,12 @@ static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);

static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);

static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);

static int ssl_mt_error(int n);

-int ssl2_peek(SSL *s, char *buf, int len)

- {

- int ret;

- ret=ssl2_read(s,buf,len);

- if (ret > 0)

- {

- s->s2->ract_data_length+=ret;

- s->s2->ract_data-=ret;

- }

- return(ret);

- }

-/* SSL_read -

+/* SSL 2.0 imlementation for SSL_read/SSL_peek -

* This routine will return 0 to len bytes, decrypted etc if required.

-int ssl2_read(SSL *s, void *buf, int len)

+static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)

{

int n;

unsigned char mac[MAX_MAC_SIZE];

@@ -92,14 +133,14 @@ int ssl2_read(SSL *s, void *buf, int len)

int i;

unsigned int mac_size=0;

-ssl2_read_again:

+ ssl2_read_again:

if (SSL_in_init(s) && !s->in_handshake)

{

n=s->handshake_func(s);

if (n < 0) return(n);

if (n == 0)

{

- SSLerr(SSL_F_SSL2_READ,SSL_R_SSL_HANDSHAKE_FAILURE);

+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);

return(-1);

}

@@ -116,13 +157,22 @@ ssl2_read_again:

n=len;

memcpy(buf,s->s2->ract_data,(unsigned int)n);

- s->s2->ract_data_length-=n;

- s->s2->ract_data+=n;

- if (s->s2->ract_data_length == 0)

- s->rstate=SSL_ST_READ_HEADER;

+ if (!peek)

+ {

+ s->s2->ract_data_length-=n;

+ s->s2->ract_data+=n;

+ if (s->s2->ract_data_length == 0)

+ s->rstate=SSL_ST_READ_HEADER;

+ }

return(n);

}

+ /* s->s2->ract_data_length == 0

+ *

+ * Fill the buffer, then goto ssl2_read_again.

+ */

if (s->rstate == SSL_ST_READ_HEADER)

{

if (s->first_packet)

@@ -135,7 +185,7 @@ ssl2_read_again:

(p[2] == SSL2_MT_CLIENT_HELLO) ||

(p[2] == SSL2_MT_SERVER_HELLO))))

{

- SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET);

+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);

return(-1);

}

@@ -213,48 +263,49 @@ ssl2_read_again:

(unsigned int)mac_size) != 0) ||

(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))

{

- SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE);

+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);

return(-1);

}

INC32(s->s2->read_sequence); /* expect next number */

/* s->s2->ract_data is now available for processing */

-#if 1

- /* How should we react when a packet containing 0

- * bytes is received? (Note that SSLeay/OpenSSL itself

- * never sends such packets; see ssl2_write.)

- * Returning 0 would be interpreted by the caller as

- * indicating EOF, so it's not a good idea.

- * Instead, we just continue reading. Note that using

- * select() for blocking sockets *never* guarantees

+ /* Possibly the packet that we just read had 0 actual data bytes.

+ * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)

+ * In this case, returning 0 would be interpreted by the caller

+ * as indicating EOF, so it's not a good idea. Instead, we just

+ * continue reading; thus ssl2_read_internal may have to process

+ * multiple packets before it can return.

+ *

+ * [Note that using select() for blocking sockets *never* guarantees

* that the next SSL_read will not block -- the available

- * data may contain incomplete packets, and except for SSL 2

- * renegotiation can confuse things even more. */

+ * data may contain incomplete packets, and except for SSL 2,

+ * renegotiation can confuse things even more.] */

goto ssl2_read_again; /* This should really be

- * "return ssl2_read(s,buf,len)",

- * but that would allow for

- * denial-of-service attacks if a

- * C compiler is used that does not

- * recognize end-recursion. */

-#else

- /* If a 0 byte packet was sent, return 0, otherwise

- * we play havoc with people using select with

- * blocking sockets. Let them handle a packet at a time,

- * they should really be using non-blocking sockets. */

- if (s->s2->ract_data_length == 0)

- return(0);

- return(ssl2_read(s,buf,len));

-#endif

+ * "return ssl2_read(s,buf,len)",

+ * but that would allow for

+ * denial-of-service attacks if a

+ * C compiler is used that does not

+ * recognize end-recursion. */

}

else

{

- SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE);

+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);

return(-1);

}

+int ssl2_read(SSL *s, void *buf, int len)

+ {

+ return ssl2_read_internal(s, buf, len, 0);

+ }

+int ssl2_peek(SSL *s, char *buf, int len)

+ {

+ return ssl2_read_internal(s, buf, len, 1);

+ }

static int read_n(SSL *s, unsigned int n, unsigned int max,

unsigned int extend)

{

@@ -485,6 +536,9 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)

{

bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);

j=len+mac_size;

+ /* Two-byte headers allow for a larger record length than

+ * three-byte headers, but we can't use them if we need

+ * padding or if we have to set the escape bit. */

if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&

(!s->s2->escape))

{

@@ -500,25 +554,39 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)

}

else if ((bs <= 1) && (!s->s2->escape))

{

- /* len=len; */

+ /* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus

+ * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */

s->s2->three_byte_header=0;

p=0;

}

- else /* 3 byte header */

+ else /* we may have to use a 3 byte header */

{

- /*len=len; */

+ /* If s->s2->escape is not set, then

+ * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus

+ * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */

p=(j%bs);

p=(p == 0)?0:(bs-p);

if (s->s2->escape)

+ {

s->s2->three_byte_header=1;

+ if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)

+ j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;

+ }

else

s->s2->three_byte_header=(p == 0)?0:1;

}

+ /* Now

+ * j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER

+ * holds, and if s->s2->three_byte_header is set, then even

+ * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.

+ */

/* mac_size is the number of MAC bytes

* len is the number of data bytes we are going to send

* p is the number of padding bytes

- * if p == 0, it is a 2 byte header */

+ * (if it is a two-byte header, then p == 0) */

s->s2->wlength=len;

s->s2->padding=p;