2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5
* This package is an SSL implementation written
6
* by Eric Young (eay@cryptsoft.com).
7
* The implementation was written so as to conform with Netscapes SSL.
9
* This library is free for commercial and non-commercial use as long as
10
* the following conditions are aheared to. The following conditions
11
* apply to all code found in this distribution, be it the RC4, RSA,
12
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13
* included with this distribution is covered by the same copyright terms
14
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
16
* Copyright remains Eric Young's, and as such any Copyright notices in
17
* the code are not to be removed.
18
* If this package is used in a product, Eric Young should be given attribution
19
* as the author of the parts of the library used.
20
* This can be in the form of a textual message at program startup or
21
* in documentation (online or textual) provided with the package.
23
* Redistribution and use in source and binary forms, with or without
24
* modification, are permitted provided that the following conditions
26
* 1. Redistributions of source code must retain the copyright
27
* notice, this list of conditions and the following disclaimer.
28
* 2. Redistributions in binary form must reproduce the above copyright
29
* notice, this list of conditions and the following disclaimer in the
30
* documentation and/or other materials provided with the distribution.
31
* 3. All advertising materials mentioning features or use of this software
32
* must display the following acknowledgement:
33
* "This product includes cryptographic software written by
34
* Eric Young (eay@cryptsoft.com)"
35
* The word 'cryptographic' can be left out if the rouines from the library
36
* being used are not cryptographic related :-).
37
* 4. If you include any Windows specific code (or a derivative thereof) from
38
* the apps directory (application code) you must include an acknowledgement:
39
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53
* The licence and distribution terms for any publically available version or
54
* derivative of this code cannot be changed. i.e. this code cannot simply be
55
* copied and put under another distribution licence
56
* [including the GNU Public Licence.]
58
/* ====================================================================
59
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
61
* Redistribution and use in source and binary forms, with or without
62
* modification, are permitted provided that the following conditions
65
* 1. Redistributions of source code must retain the above copyright
66
* notice, this list of conditions and the following disclaimer.
68
* 2. Redistributions in binary form must reproduce the above copyright
69
* notice, this list of conditions and the following disclaimer in
70
* the documentation and/or other materials provided with the
73
* 3. All advertising materials mentioning features or use of this
74
* software must display the following acknowledgment:
75
* "This product includes software developed by the OpenSSL Project
76
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
78
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79
* endorse or promote products derived from this software without
80
* prior written permission. For written permission, please contact
81
* openssl-core@openssl.org.
83
* 5. Products derived from this software may not be called "OpenSSL"
84
* nor may "OpenSSL" appear in their names without prior written
85
* permission of the OpenSSL Project.
87
* 6. Redistributions of any form whatsoever must retain the following
89
* "This product includes software developed by the OpenSSL Project
90
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
92
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103
* OF THE POSSIBILITY OF SUCH DAMAGE.
104
* ====================================================================
106
* This product includes cryptographic software written by Eric Young
107
* (eay@cryptsoft.com). This product includes software written by Tim
108
* Hudson (tjh@cryptsoft.com).
112
#include "ssl_locl.h"
113
#ifndef OPENSSL_NO_SSL2
118
static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
119
static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
120
static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
121
static int ssl_mt_error(int n);
124
/* SSL 2.0 imlementation for SSL_read/SSL_peek -
125
* This routine will return 0 to len bytes, decrypted etc if required.
127
static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
130
unsigned char mac[MAX_MAC_SIZE];
133
unsigned int mac_size;
136
if (SSL_in_init(s) && !s->in_handshake)
138
n=s->handshake_func(s);
139
if (n < 0) return(n);
142
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);
148
s->rwstate=SSL_NOTHING;
149
if (len <= 0) return(len);
151
if (s->s2->ract_data_length != 0) /* read from buffer */
153
if (len > s->s2->ract_data_length)
154
n=s->s2->ract_data_length;
158
memcpy(buf,s->s2->ract_data,(unsigned int)n);
161
s->s2->ract_data_length-=n;
163
if (s->s2->ract_data_length == 0)
164
s->rstate=SSL_ST_READ_HEADER;
170
/* s->s2->ract_data_length == 0
172
* Fill the buffer, then goto ssl2_read_again.
175
if (s->rstate == SSL_ST_READ_HEADER)
179
n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
180
if (n <= 0) return(n); /* error or non-blocking */
183
if (!((p[0] & 0x80) && (
184
(p[2] == SSL2_MT_CLIENT_HELLO) ||
185
(p[2] == SSL2_MT_SERVER_HELLO))))
187
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);
193
n=read_n(s,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
194
if (n <= 0) return(n); /* error or non-blocking */
196
/* part read stuff */
198
s->rstate=SSL_ST_READ_BODY;
201
/*s->s2->padding=0;*/
203
s->s2->rlength=(((unsigned int)p[0])<<8)|((unsigned int)p[1]);
204
if ((p[0] & TWO_BYTE_BIT)) /* Two byte header? */
206
s->s2->three_byte_header=0;
207
s->s2->rlength&=TWO_BYTE_MASK;
211
s->s2->three_byte_header=1;
212
s->s2->rlength&=THREE_BYTE_MASK;
214
/* security >s2->escape */
215
s->s2->escape=((p[0] & SEC_ESC_BIT))?1:0;
219
if (s->rstate == SSL_ST_READ_BODY)
221
n=s->s2->rlength+2+s->s2->three_byte_header;
222
if (n > (int)s->packet_length)
225
i=read_n(s,(unsigned int)n,(unsigned int)n,1);
226
if (i <= 0) return(i); /* ERROR */
230
s->rstate=SSL_ST_READ_HEADER;
231
if (s->s2->three_byte_header)
232
s->s2->padding= *(p++);
233
else s->s2->padding=0;
236
if (s->s2->clear_text)
243
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
249
mac_size=EVP_MD_size(s->read_hash);
250
OPENSSL_assert(mac_size <= MAX_MAC_SIZE);
252
s->s2->ract_data= &p[mac_size];
253
if (s->s2->padding + mac_size > s->s2->rlength)
255
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
260
s->s2->ract_data_length=s->s2->rlength;
261
/* added a check for length > max_size in case
262
* encryption was not turned on yet due to an error */
263
if ((!s->s2->clear_text) &&
264
(s->s2->rlength >= mac_size))
267
s->s2->ract_data_length-=mac_size;
269
s->s2->ract_data_length-=s->s2->padding;
270
if ( (memcmp(mac,s->s2->mac_data,
271
(unsigned int)mac_size) != 0) ||
272
(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
274
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
278
INC32(s->s2->read_sequence); /* expect next number */
279
/* s->s2->ract_data is now available for processing */
281
/* Possibly the packet that we just read had 0 actual data bytes.
282
* (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)
283
* In this case, returning 0 would be interpreted by the caller
284
* as indicating EOF, so it's not a good idea. Instead, we just
285
* continue reading; thus ssl2_read_internal may have to process
286
* multiple packets before it can return.
288
* [Note that using select() for blocking sockets *never* guarantees
289
* that the next SSL_read will not block -- the available
290
* data may contain incomplete packets, and except for SSL 2,
291
* renegotiation can confuse things even more.] */
293
goto ssl2_read_again; /* This should really be
294
* "return ssl2_read(s,buf,len)",
295
* but that would allow for
296
* denial-of-service attacks if a
297
* C compiler is used that does not
298
* recognize end-recursion. */
302
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);
307
int ssl2_read(SSL *s, void *buf, int len)
309
return ssl2_read_internal(s, buf, len, 0);
312
int ssl2_peek(SSL *s, void *buf, int len)
314
return ssl2_read_internal(s, buf, len, 1);
317
static int read_n(SSL *s, unsigned int n, unsigned int max,
322
/* if there is stuff still in the buffer from a previous read,
323
* and there is more than we want, take some. */
324
if (s->s2->rbuf_left >= (int)n)
330
s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]);
338
if (!s->read_ahead) max=n;
339
if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2))
340
max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2;
343
/* Else we want more than we have.
344
* First, if there is some left or we want to extend */
346
if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend))
348
newb=s->s2->rbuf_left;
351
off=s->packet_length;
352
if (s->packet != s->s2->rbuf)
353
memcpy(s->s2->rbuf,s->packet,
354
(unsigned int)newb+off);
356
else if (s->s2->rbuf_offs != 0)
358
memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]),
367
/* off is the offset to start writing too.
368
* r->s2->rbuf_offs is the 'unread data', now 0.
369
* newb is the number of new bytes so far
371
s->packet=s->s2->rbuf;
372
while (newb < (int)n)
377
s->rwstate=SSL_READING;
378
i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]),
383
SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET);
387
if (s->debug & 0x01) sleep(1);
391
s->s2->rbuf_left+=newb;
397
/* record unread data */
400
s->s2->rbuf_offs=n+off;
401
s->s2->rbuf_left=newb-n;
412
s->rwstate=SSL_NOTHING;
416
int ssl2_write(SSL *s, const void *_buf, int len)
418
const unsigned char *buf=_buf;
422
if (SSL_in_init(s) && !s->in_handshake)
424
i=s->handshake_func(s);
425
if (i < 0) return(i);
428
SSLerr(SSL_F_SSL2_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
441
s->rwstate=SSL_NOTHING;
442
if (len <= 0) return(len);
450
i=do_ssl_write(s,&(buf[tot]),n);
457
(s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))
467
static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
471
/* s->s2->wpend_len != 0 MUST be true. */
473
/* check that they have given us the same buffer to
475
if ((s->s2->wpend_tot > (int)len) ||
476
((s->s2->wpend_buf != buf) &&
477
!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)))
479
SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
488
s->rwstate=SSL_WRITING;
490
(char *)&(s->s2->write_ptr[s->s2->wpend_off]),
491
(unsigned int)s->s2->wpend_len);
495
SSLerr(SSL_F_WRITE_PENDING,SSL_R_WRITE_BIO_NOT_SET);
499
if (s->debug & 0x01) sleep(1);
501
if (i == s->s2->wpend_len)
504
s->rwstate=SSL_NOTHING;
505
return(s->s2->wpend_ret);
514
static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
516
unsigned int j,k,olen,p,mac_size,bs;
517
register unsigned char *pp;
521
/* first check if there is data from an encryption waiting to
522
* be sent - it must be sent because the other end is waiting.
523
* This will happen with non-blocking IO. We print it and then
526
if (s->s2->wpend_len != 0) return(write_pending(s,buf,len));
528
/* set mac_size to mac size */
529
if (s->s2->clear_text)
532
mac_size=EVP_MD_size(s->write_hash);
534
/* lets set the pad p */
535
if (s->s2->clear_text)
537
if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
538
len=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
540
s->s2->three_byte_header=0;
545
bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
547
/* Two-byte headers allow for a larger record length than
548
* three-byte headers, but we can't use them if we need
549
* padding or if we have to set the escape bit. */
550
if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
553
if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
554
j=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
555
/* set k to the max number of bytes with 2
558
/* how many data bytes? */
560
s->s2->three_byte_header=0;
563
else if ((bs <= 1) && (!s->s2->escape))
565
/* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
566
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
567
s->s2->three_byte_header=0;
570
else /* we may have to use a 3 byte header */
572
/* If s->s2->escape is not set, then
573
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
574
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
579
s->s2->three_byte_header=1;
580
if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
581
j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;
584
s->s2->three_byte_header=(p == 0)?0:1;
589
* j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
590
* holds, and if s->s2->three_byte_header is set, then even
591
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
594
/* mac_size is the number of MAC bytes
595
* len is the number of data bytes we are going to send
596
* p is the number of padding bytes
597
* (if it is a two-byte header, then p == 0) */
601
s->s2->mac_data= &(s->s2->wbuf[3]);
602
s->s2->wact_data= &(s->s2->wbuf[3+mac_size]);
603
/* we copy the data into s->s2->wbuf */
604
memcpy(s->s2->wact_data,buf,len);
606
memset(&(s->s2->wact_data[len]),0,p); /* arbitrary padding */
608
if (!s->s2->clear_text)
610
s->s2->wact_data_length=len+p;
611
ssl2_mac(s,s->s2->mac_data,1);
612
s->s2->wlength+=p+mac_size;
616
/* package up the header */
617
s->s2->wpend_len=s->s2->wlength;
618
if (s->s2->three_byte_header) /* 3 byte header */
622
pp[0]=(s->s2->wlength>>8)&(THREE_BYTE_MASK>>8);
623
if (s->s2->escape) pp[0]|=SEC_ESC_BIT;
624
pp[1]=s->s2->wlength&0xff;
625
pp[2]=s->s2->padding;
632
pp[0]=((s->s2->wlength>>8)&(TWO_BYTE_MASK>>8))|TWO_BYTE_BIT;
633
pp[1]=s->s2->wlength&0xff;
638
INC32(s->s2->write_sequence); /* expect next number */
640
/* lets try to actually write the data */
641
s->s2->wpend_tot=olen;
642
s->s2->wpend_buf=buf;
644
s->s2->wpend_ret=len;
647
return(write_pending(s,buf,olen));
650
int ssl2_part_read(SSL *s, unsigned long f, int i)
657
/* ssl2_return_error(s); */
658
/* for non-blocking io,
659
* this is not necessarily fatal */
666
/* Check for error. While there are recoverable errors,
667
* this function is not called when those must be expected;
668
* any error detected here is fatal. */
669
if (s->init_num >= 3)
671
p=(unsigned char *)s->init_buf->data;
672
if (p[0] == SSL2_MT_ERROR)
675
SSLerr((int)f,ssl_mt_error(j));
678
memmove(p, p+3, s->init_num);
682
/* If it's not an error message, we have some error anyway --
683
* the message was shorter than expected. This too is treated
684
* as fatal (at least if SSL_get_error is asked for its opinion). */
689
int ssl2_do_write(SSL *s)
693
ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num);
694
if (ret == s->init_num)
697
s->msg_callback(1, s->version, 0, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
707
static int ssl_mt_error(int n)
713
case SSL2_PE_NO_CIPHER:
714
ret=SSL_R_PEER_ERROR_NO_CIPHER;
716
case SSL2_PE_NO_CERTIFICATE:
717
ret=SSL_R_PEER_ERROR_NO_CERTIFICATE;
719
case SSL2_PE_BAD_CERTIFICATE:
720
ret=SSL_R_PEER_ERROR_CERTIFICATE;
722
case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE:
723
ret=SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE;
726
ret=SSL_R_UNKNOWN_REMOTE_ERROR_TYPE;
731
#else /* !OPENSSL_NO_SSL2 */
734
static void *dummy=&dummy;