Disable SSL_peek.

CHANGES

@@ -4,6 +4,12 @@
 
  Changes between 0.9.6 and 0.9.6a  [xx XXX 2000]
 
+  *) Disable ssl2_peek and ssl3_peek (i.e., both implementations
+     of SSL_peek) because they both are completely broken.
+     They will be fixed RSN by adding an additional 'peek' parameter
+     to the internal read functions.
+     [Bodo Moeller]
+
   *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
      The previous value, 12, was not always sufficient for BN_mod_exp().
      [Bodo Moeller]

ssl/s2_pkt.c

@@ -68,6 +68,10 @@ static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
 static int ssl_mt_error(int n);
 int ssl2_peek(SSL *s, char *buf, int len)
 	{
+#if 1
+	SSLerr(SSL_F_SSL2_PEEK, SSL_R_FIXME); /* function is totally broken */
+	return -1;
+#else
 	int ret;
 
 	ret=ssl2_read(s,buf,len);
@@ -77,6 +81,7 @@ int ssl2_peek(SSL *s, char *buf, int len)
 		s->s2->ract_data-=ret;
 		}
 	return(ret);
+#endif
 	}
 
 /* SSL_read -

ssl/s3_lib.c

@@ -1280,6 +1280,10 @@ int ssl3_read(SSL *s, void *buf, int len)
 
 int ssl3_peek(SSL *s, char *buf, int len)
 	{
+#if 1
+	SSLerr(SSL_F_SSL3_PEEK, SSL_R_FIXME); /* function is totally broken */
+	return -1;
+#else	
 	SSL3_RECORD *rr;
 	int n;
 
@@ -1298,6 +1302,7 @@ int ssl3_peek(SSL *s, char *buf, int len)
 		n=len;
 	memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
 	return(n);
+#endif
 	}
 
 int ssl3_renegotiate(SSL *s)

ssl/ssl.h

@@ -1238,6 +1238,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_F_SSL2_ACCEPT				 122
 #define SSL_F_SSL2_CONNECT				 123
 #define SSL_F_SSL2_ENC_INIT				 124
+#define SSL_F_SSL2_PEEK					 234
 #define SSL_F_SSL2_READ					 125
 #define SSL_F_SSL2_SET_CERTIFICATE			 126
 #define SSL_F_SSL2_WRITE				 127
@@ -1263,6 +1264,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_F_SSL3_GET_SERVER_DONE			 145
 #define SSL_F_SSL3_GET_SERVER_HELLO			 146
 #define SSL_F_SSL3_OUTPUT_CERT_CHAIN			 147
+#define SSL_F_SSL3_PEEK					 235
 #define SSL_F_SSL3_READ_BYTES				 148
 #define SSL_F_SSL3_READ_N				 149
 #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST		 150
@@ -1405,6 +1407,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151
 #define SSL_R_EXCESSIVE_MESSAGE_SIZE			 152
 #define SSL_R_EXTRA_DATA_IN_MESSAGE			 153
+#define SSL_R_FIXME					 1101
 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 154
 #define SSL_R_HTTPS_PROXY_REQUEST			 155
 #define SSL_R_HTTP_REQUEST				 156

ssl/ssl_err.c

@@ -91,6 +91,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0),	"SSL2_ACCEPT"},
 {ERR_PACK(0,SSL_F_SSL2_CONNECT,0),	"SSL2_CONNECT"},
 {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0),	"SSL2_ENC_INIT"},
+{ERR_PACK(0,SSL_F_SSL2_PEEK,0),	"SSL2_PEEK"},
 {ERR_PACK(0,SSL_F_SSL2_READ,0),	"SSL2_READ"},
 {ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0),	"SSL2_SET_CERTIFICATE"},
 {ERR_PACK(0,SSL_F_SSL2_WRITE,0),	"SSL2_WRITE"},
@@ -116,6 +117,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0),	"SSL3_GET_SERVER_DONE"},
 {ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0),	"SSL3_GET_SERVER_HELLO"},
 {ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0),	"SSL3_OUTPUT_CERT_CHAIN"},
+{ERR_PACK(0,SSL_F_SSL3_PEEK,0),	"SSL3_PEEK"},
 {ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0),	"SSL3_READ_BYTES"},
 {ERR_PACK(0,SSL_F_SSL3_READ_N,0),	"SSL3_READ_N"},
 {ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0),	"SSL3_SEND_CERTIFICATE_REQUEST"},
@@ -260,6 +262,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_ERROR_GENERATING_TMP_RSA_KEY      ,"error generating tmp rsa key"},
 {SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST     ,"error in received cipher list"},
 {SSL_R_EXCESSIVE_MESSAGE_SIZE            ,"excessive message size"},
+{SSL_R_FIXME                             ,"FIXME"},
 {SSL_R_EXTRA_DATA_IN_MESSAGE             ,"extra data in message"},
 {SSL_R_GOT_A_FIN_BEFORE_A_CCS            ,"got a fin before a ccs"},
 {SSL_R_HTTPS_PROXY_REQUEST               ,"https proxy request"},