Commit b35e9050 authored by Bodo Möller's avatar Bodo Möller

Tolerate fragmentation and interleaving in the SSL 3/TLS record layer.

parent 9f7b1b24
+4 −0
@@ -4,6 +4,10 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 2000]

  *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
     record layer.
     [Bodo Moeller]

  *) Change the 'other' type in certificate aux info to a STACK_OF
     X509_ALGOR. Although not an AlgorithmIdentifier as such it has
     the required ASN1 format: arbitrary types determined by an OID.
+6 −0
@@ -200,6 +200,7 @@ int ssl23_get_client_hello(SSL *s)
	                     *  6-8   length           > Client Hello message
	                     *  9/10  client_version  /
	                     */
/* XXX */
	char *buf= &(buf_space[0]);
	unsigned char *p,*d,*dd;
	unsigned int i;
@@ -277,6 +278,7 @@ int ssl23_get_client_hello(SSL *s)
					 * throw this away and implement it in a way
					 * that makes sense */
					{
#if 0
					STACK_OF(SSL_CIPHER) *sk;
					SSL_CIPHER *c;
					int ne2,ne3;
@@ -326,6 +328,10 @@ int ssl23_get_client_hello(SSL *s)
							goto next_bit;
							}
						}
#else
					SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_OPTION);
					goto err;
#endif
					}
				}
			}
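Review bot: The bare `/* XXX */` added above `char *buf= &(buf_space[0]);` does not say what is wrong with the declaration, so the next reader cannot tell whether it marks a buffer-size concern or a cleanup item; name the concern in the comment. The block now compiled out with `#if 0` is kept as dead code, and the `#else` branch turns this path into a hard handshake failure with SSL_R_UNSUPPORTED_OPTION. A comment on the `#else` such as `/* option no longer supported: fail the handshake instead of running the disabled code */` would document that. Since ssl23_get_client_hello parses peer input, it is also worth stating whether this error path depends only on local configuration or can be reached by a client alone; the controlling condition is outside the hunk.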
+9 −9
@@ -262,14 +262,14 @@ int ssl2_pending(SSL *s)

int ssl2_new(SSL *s)
	{
	SSL2_CTX *s2;
	SSL2_STATE *s2;

	if ((s2=(SSL2_CTX *)Malloc(sizeof(SSL2_CTX))) == NULL) goto err;
	memset(s2,0,sizeof(SSL2_CTX));
	if ((s2=Malloc(sizeof *s2)) == NULL) goto err;
	memset(s2,0,sizeof *s2);

	if ((s2->rbuf=(unsigned char *)Malloc(
	if ((s2->rbuf=Malloc(
		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
	if ((s2->wbuf=(unsigned char *)Malloc(
	if ((s2->wbuf=Malloc(
		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
	s->s2=s2;

@@ -287,7 +287,7 @@ err:

void ssl2_free(SSL *s)
	{
	SSL2_CTX *s2;
	SSL2_STATE *s2;

	if(s == NULL)
	    return;
@@ -295,14 +295,14 @@ void ssl2_free(SSL *s)
	s2=s->s2;
	if (s2->rbuf != NULL) Free(s2->rbuf);
	if (s2->wbuf != NULL) Free(s2->wbuf);
	memset(s2,0,sizeof(SSL2_CTX));
	memset(s2,0,sizeof *s2);
	Free(s2);
	s->s2=NULL;
	}

void ssl2_clear(SSL *s)
	{
	SSL2_CTX *s2;
	SSL2_STATE *s2;
	unsigned char *rbuf,*wbuf;

	s2=s->s2;
@@ -310,7 +310,7 @@ void ssl2_clear(SSL *s)
	rbuf=s2->rbuf;
	wbuf=s2->wbuf;

	memset(s2,0,sizeof(SSL2_CTX));
	memset(s2,0,sizeof *s2);

	s2->rbuf=rbuf;
	s2->wbuf=wbuf;
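Review bot: In ssl2_free the `memset(s2,0,sizeof *s2);` sits directly before `Free(s2);`, which makes it a dead store that an optimizing compiler is allowed to drop, so the state may leave the process un-wiped. If the structure carries key material (its fields are not visible here), the clear should go through a routine the compiler cannot elide, for example a loop writing through a `volatile unsigned char *`. The `rbuf` and `wbuf` buffers are freed just above without being cleared at all and presumably held record data, so they would benefit from the same wipe before `Free`.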
+1 −1
@@ -898,7 +898,7 @@ static int request_certificate(SSL *s)
		EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);

		i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
		buf2=(unsigned char *)Malloc((unsigned int)i);
		buf2=Malloc((unsigned int)i);
		if (buf2 == NULL)
			{
			SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
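Review bot: The result of `i2d_X509(...,NULL)` is cast straight to `unsigned int` for `Malloc` without being checked; a negative return on encoding failure becomes a very large allocation size, and the failure is then reported as ERR_R_MALLOC_FAILURE rather than as an encoding error. A guard such as `if (i <= 0)` before the allocation, leaving through the same error exit as the `buf2 == NULL` branch, would keep the size sane and the error accurate. request_certificate continues on both sides of this hunk, so the exact exit path has to be taken from the surrounding code.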
+23 −14
@@ -123,7 +123,7 @@ int ssl3_get_finished(SSL *s, int a, int b)

	if (!ok) return((int)n);

	/* If this occurs if we has missed a message */
	/* If this occurs, we have missed a message */
	if (!s->s3->change_cipher_spec)
		{
		al=SSL_AD_UNEXPECTED_MESSAGE;
@@ -283,16 +283,22 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)

	p=(unsigned char *)s->init_buf->data;

	if (s->state == st1)
	if (s->state == st1) /* s->init_num < 4 */
		{
		while (s->init_num < 4)
			{
			i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
				4-s->init_num);
		if (i < (4-s->init_num))
			if (i <= 0)
				{
				s->rwstate=SSL_READING;
				*ok = 0;
			return(ssl3_part_read(s,i));
				return i;
				}
			s->init_num+=i;
			}

/* XXX server may always send Hello Request */
		if ((mt >= 0) && (*p != mt))
			{
			al=SSL_AD_UNEXPECTED_MESSAGE;
@@ -334,17 +340,20 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
	/* next state (stn) */
	p=(unsigned char *)s->init_buf->data;
	n=s->s3->tmp.message_size;
	if (n > 0)
	while (n > 0)
		{
		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n);
		if (i != (int)n)
		if (i <= 0)
			{
			s->rwstate=SSL_READING;
			*ok = 0;
			return(ssl3_part_read(s,i));
			return i;
			}
		s->init_num += i;
		n -= i;
		}
	*ok=1;
	return(n);
	return s->init_num;
f_err:
	ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
@@ -465,7 +474,7 @@ int ssl3_setup_buffers(SSL *s)
			extra=SSL3_RT_MAX_EXTRA;
		else
			extra=0;
		if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE+extra))
		if ((p=Malloc(SSL3_RT_MAX_PACKET_SIZE+extra))
			== NULL)
			goto err;
		s->s3->rbuf.buf=p;
@@ -473,7 +482,7 @@ int ssl3_setup_buffers(SSL *s)

	if (s->s3->wbuf.buf == NULL)
		{
		if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE))
		if ((p=Malloc(SSL3_RT_MAX_PACKET_SIZE))
			== NULL)
			goto err;
		s->s3->wbuf.buf=p;
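Review bot: In the body-read loop of ssl3_get_message, `n=s->s3->tmp.message_size;` is reloaded on every entry while `s->init_num` keeps the bytes already stored, so a retry after `return i;` with part of the body received appears to request the full message size again at `&p[s->init_num]`. That would consume bytes belonging to the next handshake message and could write past the space init_buf was grown to, assuming it is sized from message_size (the sizing code is outside this hunk). Starting from the remaining length, `n=s->s3->tmp.message_size - s->init_num;`, keeps the read inside the message on re-entry. The state handling between the two hunks is not visible, so confirm how init_num is set when the state changes to stn.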