s2_pkt.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "ssl_locl.h"
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
#include <errno.h>
#define USE_SOCKETS
static int ssl_mt_error(int n);
* This routine will return 0 to len bytes, decrypted etc if required.
*/
{
int n;
unsigned char mac[MAX_MAC_SIZE];
unsigned char *p;
int i;
unsigned int mac_size;
if (SSL_in_init(s) && !s->in_handshake)
{
n=s->handshake_func(s);
if (n < 0) return(n);
if (n == 0)
{
return(-1);
}
}
s->rwstate=SSL_NOTHING;
{
n=s->s2->ract_data_length;
else
n=len;
if (!peek)
{
s->s2->ract_data_length-=n;
if (s->s2->ract_data_length == 0)
}
return(n);
}
/* s->s2->ract_data_length == 0
*
* Fill the buffer, then goto ssl2_read_again.
*/
if (s->rstate == SSL_ST_READ_HEADER)
{
if (s->first_packet)
{
if (n <= 0) return(n); /* error or non-blocking */
s->first_packet=0;
p=s->packet;
if (!((p[0] & 0x80) && (
(p[2] == SSL2_MT_CLIENT_HELLO) ||
(p[2] == SSL2_MT_SERVER_HELLO))))
{
return(-1);
}
}
else
{
if (n <= 0) return(n); /* error or non-blocking */
}
/* part read stuff */
p=s->packet;
/* Do header */
/*s->s2->padding=0;*/
if ((p[0] & TWO_BYTE_BIT)) /* Two byte header? */
{
s->s2->three_byte_header=0;
}
else
{
/* security >s2->escape */
}
}
if (s->rstate == SSL_ST_READ_BODY)
{
if (n > (int)s->packet_length)
{
n-=s->packet_length;
i=read_n(s,(unsigned int)n,(unsigned int)n,1);
if (i <= 0) return(i); /* ERROR */
}
p= &(s->packet[2]);
if (s->s2->three_byte_header)
/* Data portion */
if (s->s2->clear_text)
{
mac_size = 0;
{
return(-1);
}
}
else
{
{
return(-1);
}
}
/* added a check for length > max_size in case
* encryption was not turned on yet due to an error */
if ((!s->s2->clear_text) &&
{
ssl2_enc(s,0);
(unsigned int)mac_size) != 0) ||
{
return(-1);
}
}
/* s->s2->ract_data is now available for processing */
/* Possibly the packet that we just read had 0 actual data bytes.
* In this case, returning 0 would be interpreted by the caller
* as indicating EOF, so it's not a good idea. Instead, we just
* continue reading; thus ssl2_read_internal may have to process
* multiple packets before it can return.
*
* [Note that using select() for blocking sockets *never* guarantees
* that the next SSL_read will not block -- the available
* data may contain incomplete packets, and except for SSL 2,
* renegotiation can confuse things even more.] */
goto ssl2_read_again; /* This should really be
* "return ssl2_read(s,buf,len)",
* but that would allow for
* denial-of-service attacks if a
* C compiler is used that does not
* recognize end-recursion. */
}
else
{
return(-1);
}
}
{
}
{
}
unsigned int extend)
{
/* if there is stuff still in the buffer from a previous read,
* and there is more than we want, take some. */
{
if (extend)
s->packet_length+=n;
else
{
s->packet_length=n;
}
return(n);
}
if (!s->read_ahead) max=n;
/* Else we want more than we have.
* First, if there is some left or we want to extend */
off=0;
{
if (extend)
{
off=s->packet_length;
}
{
(unsigned int)newb);
}
}
else
newb=0;
/* off is the offset to start writing too.
* r->s2->rbuf_offs is the 'unread data', now 0.
* newb is the number of new bytes so far
*/
while (newb < (int)n)
{
{
s->rwstate=SSL_READING;
}
else
{
i= -1;
}
#ifdef PKT_DEBUG
#endif
if (i <= 0)
{
return(i);
}
newb+=i;
}
/* record unread data */
if (newb > (int)n)
{
}
else
{
}
if (extend)
s->packet_length+=n;
else
s->packet_length=n;
s->rwstate=SSL_NOTHING;
return(n);
}
{
unsigned int n,tot;
int i;
if (SSL_in_init(s) && !s->in_handshake)
{
i=s->handshake_func(s);
if (i < 0) return(i);
if (i == 0)
{
return(-1);
}
}
if (s->error)
{
ssl2_write_error(s);
if (s->error)
return(-1);
}
s->rwstate=SSL_NOTHING;
for (;;)
{
if (i <= 0)
{
return(i);
}
if ((i == (int)n) ||
(s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))
{
return(tot+i);
}
n-=i;
tot+=i;
}
}
{
int i;
/* s->s2->wpend_len != 0 MUST be true. */
/* check that they have given us the same buffer to
* write */
!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)))
{
return(-1);
}
for (;;)
{
{
s->rwstate=SSL_WRITING;
}
else
{
i= -1;
}
#ifdef PKT_DEBUG
#endif
{
s->rwstate=SSL_NOTHING;
}
else if (i <= 0)
return(i);
}
}
{
register unsigned char *pp;
/* first check if there is data from an encryption waiting to
* be sent - it must be sent because the other end is waiting.
* This will happen with non-blocking IO. We print it and then
* return.
*/
/* set mac_size to mac size */
if (s->s2->clear_text)
mac_size=0;
else
/* lets set the pad p */
if (s->s2->clear_text)
{
p=0;
s->s2->three_byte_header=0;
/* len=len; */
}
else
{
/* Two-byte headers allow for a larger record length than
* three-byte headers, but we can't use them if we need
* padding or if we have to set the escape bit. */
if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
{
if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
/* set k to the max number of bytes with 2
* byte header */
k=j-(j%bs);
/* how many data bytes? */
s->s2->three_byte_header=0;
p=0;
}
{
/* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
s->s2->three_byte_header=0;
p=0;
}
else /* we may have to use a 3 byte header */
{
/* If s->s2->escape is not set, then
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
p=(j%bs);
p=(p == 0)?0:(bs-p);
{
if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
}
else
}
}
/* Now
* j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
* holds, and if s->s2->three_byte_header is set, then even
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
*/
/* mac_size is the number of MAC bytes
* len is the number of data bytes we are going to send
* p is the number of padding bytes
* (if it is a two-byte header, then p == 0) */
/* we copy the data into s->s2->wbuf */
if (p)
if (!s->s2->clear_text)
{
ssl2_enc(s,1);
}
/* package up the header */
{
pp-=3;
}
else
{
pp-=2;
}
/* lets try to actually write the data */
}
int ssl2_part_read(SSL *s, unsigned long f, int i)
{
unsigned char *p;
int j;
if (i < 0)
{
/* ssl2_return_error(s); */
/* for non-blocking io,
* this is not necessarily fatal */
return(i);
}
else
{
s->init_num+=i;
/* Check for error. While there are recoverable errors,
* this function is not called when those must be expected;
* any error detected here is fatal. */
if (s->init_num >= 3)
{
if (p[0] == SSL2_MT_ERROR)
{
j=(p[1]<<8)|p[2];
SSLerr((int)f,ssl_mt_error(j));
s->init_num -= 3;
if (s->init_num > 0)
}
}
/* If it's not an error message, we have some error anyway --
* the message was shorter than expected. This too is treated
* as fatal (at least if SSL_get_error is asked for its opinion). */
return(0);
}
}
int ssl2_do_write(SSL *s)
{
int ret;
{
if (s->msg_callback)
s->msg_callback(1, s->version, 0, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
return(1);
}
if (ret < 0)
return(-1);
return(0);
}
static int ssl_mt_error(int n)
{
int ret;
switch (n)
{
case SSL2_PE_NO_CIPHER:
break;
case SSL2_PE_NO_CERTIFICATE:
break;
case SSL2_PE_BAD_CERTIFICATE:
break;
break;
default:
break;
}
return(ret);
}
#else /* !OPENSSL_NO_SSL2 */
# if PEDANTIC
# endif
#endif