From 904de6e4f5ec484afa0287effe948b92a4bb2d20 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Tue, 7 Aug 2001 09:31:03 +0000
Subject: [PATCH] Bugfix: larger message size in ssl3_get_key_exchange()
 because ServerKeyExchange message may be skipped.

Submitted by:  Petr Lampa <lampa@fee.vutbr.cz>
---
 CHANGES       | 6 ++++++
 ssl/s3_clnt.c | 8 +++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 7da81adc20..f83d59b9f2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.6b and 0.9.6c  [XX xxx XXXX]
 
+  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
+     with the same message size as in ssl3_get_certificate_request().
+     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
+     messages might inadvertently be reject as too long.
+     [Petr Lampa <lampa@fee.vutbr.cz>]
+
   *) Modified SSL library such that the verify_callback that has been set
      specificly for an SSL object with SSL_set_verify() is actually being
      used. Before the change, a verify_callback set with this function was
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index eec45cfa48..f56f12788a 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -849,11 +849,17 @@ static int ssl3_get_key_exchange(SSL *s)
 	DH *dh=NULL;
 #endif
 
+	/* use same message size as in ssl3_get_certificate_request()
+	 * as ServerKeyExchange message may be skipped */
 	n=ssl3_get_message(s,
 		SSL3_ST_CR_KEY_EXCH_A,
 		SSL3_ST_CR_KEY_EXCH_B,
 		-1,
-		1024*8, /* ?? */
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
+		1024*30,  /* 30k max cert list :-) */
+#else
+		1024*100, /* 100k max cert list :-) */
+#endif
 		&ok);
 
 	if (!ok) return((int)n);
-- 
2.25.1