Re: [5/6] secur32: Implement schannel EncryptMessage().

2008/12/29 Rob Shearman robertshearman@gmail.com:

2008/12/28 Henri Verbeet hverbeet@gmail.com:

...

• while (received < data_size)
• {

•    ret = pgnutls_record_recv(ctx->session, data + received, data_size - received);
  

•    if (ret < 0)
  

•    {
  

•        if (ret == GNUTLS_E_AGAIN)
  

•        {
  

•            if (!received)
  

Shouldn't this be "if (received == data_size)"?

...

•            {
  

•                pgnutls_perror(ret);
  

•                HeapFree(GetProcessHeap(), 0, data);
  

•                TRACE("Returning SEC_E_INCOMPLETE_MESSAGE\n");
  

•                return SEC_E_INCOMPLETE_MESSAGE;
  

•            }
  

•            break;
  

•        }
  

•        else
  

•        {
  

•            pgnutls_perror(ret);
  

•            HeapFree(GetProcessHeap(), 0, data);
  

•            ERR("Returning SEC_E_INTERNAL_ERROR\n");
  

•            return SEC_E_INTERNAL_ERROR;
  

•        }
  

•    }
  

•    received += ret;
  

• }

The idea was to only return SEC_E_INCOMPLETE_MESSAGE if there's less than one complete TLS record in the buffer, it shouldn't be a problem to have eg. one complete message plus some bytes from the next one, setting the buffer size further down is supposed to take care of that.